The owner changed sharing settings so that the document was available to “Anyone with the link”, and.The file was not converted to Docs, Sheets, or Slides (i.e.It said that the glitch was relevant only if all four of these conditions apply: Google downplayed the flaw last week in its blog posting, saying that the flaw only affected a “small subset” of file types in Google Drive. Google has now patched the hole, which it got wind of via its Vulnerability Reward Program. Unfortunately, the flaw was also letting the website owner – an unauthorized party – view header information, potentially including the original document that included the URL. When someone clicks an embedded hyperlink, they get sent to the website of a third-party website owner. It turns out that Google Drive has been incontinent, dribbling out private data courtesy of a security hole concerning files with embedded URLs. Google just handed us another opportunity to do just that.
We often repeat this advice from former Naked Security writer Graham Cluley: for a better understanding of how you should approach security in the cloud, simply replace all instances of the words in the cloud with the words on somebody else’s computer.
0 kommentar(er)
