Google plugs hole in Presentations after e-mail addresses leak out
For 15 hours, e-mail addresses are exposed through flaw in Google Docs' new Presentations feature, before Google fixes it.
Nathan Weinberg at Inside Google sure can write a dramatic blog entry. For instance, in this one on Google closing a security flaw in its new Presentations feature of Google Docs, he starts out with a screen capture of e-mail addresses that were leaked through that flaw. Of course, the addresses are obscured. It's a graphically appealing but very scary image.
Weinberg explains what happened:
"Google Presentations has a chat feature, based on Google Talk technology, that lets people chat while viewing a presentation. I embedded a presentation here, as did Matt Cutts on his blog, and a number of people linked to it. Everyone who went to that Presentation and logged into their Google Account to chat gave their e-mail address to me and to every other visitor to the chat, without even knowing it. The reason is that Presentations logs your chats, just like Google Talk does, and those logs appear in your Gmail Chat folder. While the chat window in the presentation doesn't list e-mail addresses, the logs do, and almost everyone gets them automatically."
Apparently, the breach was live for about 15 hours before it was closed, he says.
A Google representative provided this statement when asked for comment: "We take our users' privacy and security very seriously. We acted quickly when we discovered this bug and delivered a fix: e-mail addresses are no longer archived during presentation chat sessions."
