Another Odd Post To An Official Google Blog Raises Security Concerns


Accidental Post To Google's Blogger Buzz

Does another odd post to one of Google official blogs mean Google losing it
in terms of security? It spurred Michael Arrington to fire up a list over at
TechCrunch of other security issues, a couple I wouldn’t agree were breaches.
But I can add to the list as well, and there’s no doubt these type of things
hurt Google when during its expansion, it needs all the goodwill and trust it
can get.

Yesterday, Google Blogoscoped
wrote
about a strange post on Blogger Buzz, the
official blog for Google’s Blogger. It
turned out to
be a case of someone who writes for the Blogger Buzz accidentally posting
something meant for her personal blog on Blogger to the official one.

I can completely sympathize with this. About two weeks ago, I posted
something to the Search Engine Watch Blog that I meant for my personal blog
Daggle. Both use Movable Type, on completely
different systems. But I had browser windows open to both of them and just
picked the wrong one.

Unfortunately, the mistaken post (which is still up on Blogger Buzz for me)
comes about a week after the Official Google Blog was hacked with a
fake post.
Add that to some other things, and people might be getting worried.

That’s certainly Michael Arrington view at TechCrunch. He

writes
:

The fact that unauthorized document access is a simple password guess or
government “request” away already works against them. But the steady stream of
minor security incidents we’ve seen (many very recently) can also hurt Google
in the long run. Running applications for businesses is serious stuff, and
Google needs to be diligent about security.

Another minor incident came up this evening – a Google employee intended to
post on her personal blog and wrote on the official Google blog covering
Blogger instead….

Google product teams work in cells, which allows them to quickly launch and
iterate products. However, there could be a disadvantage to this as well with
regard to security, as their does not seem to be one central policy or
security group ensuring strict compliance across the entire company. Every
security incident damages Google’s credibility and reputation. Microsoft has
been dealing with security issues forever – Google may need to start fighting
the same war.

The post includes eight examples of security incidents since 2004. Some I
don’t agree with, but others I do — and there are more not on the list. I
posted about these at TechCrunch, but my comments aren’t showing yet (and
possibly didn’t go through properly). Here’s what I wrote:

Goodness knows I’m not going to defend them on a lot of this stuff. The
repeated problems with Blogger security are becoming absurd. Three strikes on
their own blog? But Mike, some perspective is probably in order.

Accidentally released Platypus? Sounds like Philipp has a contact at Google
that leaked it to him. I suppose that’s a security issue, but it’s not really
a user security issue. Lumping it in there doesn’t feel fair. And if you’re
going to do that, then any time someone from any company leaks you something,
you should be reporting that as a security breach from that company.

Some of the other items are iffy on the user security side. They left stuff
in a Writely doc, similar to how they left stuff in that analyst presentation
a few months before. Sloppy, yes. Security breach, no. Worthy of concern? Yes,
because sloppy there could mean sloppy elsewhere.

To add others to your list:

Overall, I agree with you. These incidents hurt Google’s reputation and the
trust users may have with them. What I can’t tell is how they stack up in
trust compared to someone like Microsoft. I suspect they’re still well ahead
there. But it’s not "may need" to fight the war. They’re in that war now, and
every new app increases their exposure to exploits.

Related reading

Google_Display-ads-for-a-mobile-first-world_600
Google I O 2016 on Google
A graphic showing the old Google logo superimposed over a faint search results page.
Shift London