Google Said to Add Insult to Injury in Security Loophole Case

July 14, 2012

If this description is accurate, it is far from reassuring. Saket Jojodia wrote in his Tecko Blog, “Google Apps Loophole Let You Access Other’s Domain Login Details.” The loophole itself is disturbing enough. Jojodia’s experience when trying to report it is infuriating. Of course, we only have his side of the story, but past reports suggest there may be more than a grain of truth here.

I won’t pretend to understand the technical details behind the way Jojodia discovered the issue, and it’s kind of a moot point since he says it has now been fixed. Something in the process of changing his Google Apps (GA) name server allowed him to see someone else’s login details. He diligently contacted that individual, then called in to report this significant problem to Google. Here is what he says happened:

“When got in contact with one of their support team they were not believing me that there can be any kind of such security flaws in their system and to explain them about this it took me more than an hour and still I wasn’t able to see Good sign that they are taking me seriously and I also heard one of them was laughing when I was trying to explain them about it. I thought why I should waste my precious time by helping them, as they started laughing on me. It made me really angry but for the sake of millions of domains which were bought through GA so to help those people who bought I again tried to explain them and still I wasn’t able to see any positive sign.”

Eventually, Jojodia convinced the Googlers with a screenshot, and the problem was finally fixed. But no one should be so harassed when trying to perform a good deed. Judging by his writing style, American English is probably not his first language; it might have been his accent they were allegedly laughing at. How unprofessional can you get?

Cynthia Murrell, July 14, 2012

