Why Google Apps for Enterprise is an Enormous Joke

July 15, 2009 – Comments (10)

Because people are idiots when it comes to passwords, and because Google makes it easy for hackers to get access to everything an employee has.

"In the latest case, a hacker guessed the password for an employee's personal e-mail account and worked from there to steal confidential company documents."

Funnier than that, Twitter expects its underpants model to actually bring in money.

The forecast envisioned Twitter generating its first revenue in the current quarter, with sales of about $400,000 and about 60 employees. By the end of next year, Twitter expected to employ about 345 people with annual revenue of about $140 million, according to the documents published by TechCrunch.

From zero to $140 million in a year or so? And 4 years from now, $1.4 billion?

ROFL

Links below.

 

10 Comments – Post Your Own

#1) On July 15, 2009 at 9:41 PM, TMFBent (99.82) wrote:

Twitter Hacked

Twitter's underpants exposed

Techcrunch's scoopage

More signs that we're in bizarro land again?

Twitter TV show

I can't wait for twitter's 15 minutes to be over. Hopefully it IPOs first so some of us can make money shorting the bejeezus out of it.

#2) On July 16, 2009 at 1:12 AM, ajm101 (31.92) wrote:

TMFBent - to be contrarian, with proper access control on those documents (a process, not a tech issue) the password thing's not so much of an issue. I'm pretty confident that Google is better with intrusion protection, firewall, blacklisting, updating patches, strong sysadmin passwords, physical security, etc. than most companies' in-house IT would be. I'm not saying I don't have doubts about the SaaS/cloud stuff, but there are positives to it. It doesn't really matter how strong passwords are if the infrastructure can be compromised.

Where'd you find the Twitter revenue projections? I figure there's a way to make it profitable, but billions with a 'b'? Let me know when LinkedIn goes public....

#3) On July 16, 2009 at 8:14 AM, TMFBent (99.82) wrote:

"I'm pretty confident that Google is better with intrusion protection, firewall, blacklisting, updating patches, strong sysadmin passwords, physical security, etc. than most companies' in-house IT would be"

Possibly, but in-house IT can make sure that people don't use stupid, easy-to-guess passwords. It's as simple as setting parameters. (Perhaps this is possible with Google docs as well...)

But to me a bigger issue is that Google makes it too easy for hackers to target big-name companies, because it's easier to guess where this stuff is. Obscurity provides a large degree of safety (ask Mac owners who for years benefitted from the fact that the user base wasn't big enough to make hacking worthwhile...)

I'm pretty sure that companies will quit bragging that they're using Google docs after this kind of thing, and if they're not out there bragging about it in the press, Google loses that free love and advertising.

The Twitter revenue projections come from reports about the Twitter files that were hacked.

Methinks if twitter believes it can do $1.4 billion in revenue, they're going to need to collect a lot more underpants.

#4) On July 16, 2009 at 11:26 AM, galtline (33.27) wrote:

Seriously?  You're labeling Google Apps (and by extension, cloud computing and web-based applications in general) as an enormous joke due to the dangers of hacking?

Sure...an in-house IT staff can "make sure that people don't use stupid, easy-to-guess passwords"...nothing is stopping a company from still setting parameters. If stronger password protection is the issue, that really doesn't constitute an enormous failure.

The issue here is whether or not sharing access to information is valuable to a company...and I believe the answer to that is a resounding YES.

Whether a company is using Google Apps or not, you can bet they're accessing their email from the internet, sending documents back and forth, and using other web-based applications.  Unless you set up every employee with a VPN client (and believe me, that is an enormous risk all by itself), then they're using web-based applications.

Blaming Google for a company's lack of enforced strong password protection is like criticizing Symantec when you haven't been updating your virus patterns and your PC gets infected.

What about online banking?  It carries the same risks as logging in to Google Apps... 

If there is a viable alternative to sharing data and documents without using the internet, I'd love to hear it.

#5) On July 16, 2009 at 12:04 PM, beatnik11 (< 20) wrote:

"a hacker guessed the password..."

Then he didn't hack anything. Searching for information in order to guess a password is not hacking. Hacking means that the person used or manipulated code in order to gain entry into another computer/program/site.

Also, I never understood what people see in Twitter, for the most part it seems completely useless.

#6) On July 16, 2009 at 12:18 PM, TMFBent (99.82) wrote:

"a hacker guessed the password..."

Not really, he exploited a pretty simple and predictable phenomenon -- people using terrible passwords -- and managed to find one that worked. People have fired dictionaries at passwords for a long time, and that's why smart IT people don't allow PW without random numbers, etc. in them.

And I am blaming Google for this, because its naive cloud business model ("Hey, use our software that is about as feature-rich as what you had a decade ago, and you have to store it with us!") is going to mean this happens more and more.

There's value in obscurity, and big name companies on Google Apps aren't going to have it.

"What about online banking? It carries the same risks as logging in to Google Apps..."

Please. First someone would have to guess where I'm doing my banking. Then guess my login name. Then guess my password. And if that happened, sure they could cause some trouble with that account, but they wouldn't have access to every document I'd created for work for the past year.

Cloud computing is only the holy grail for people who don't know much about computing, or clouds. There are tons of better sharing services already available, most of which will be a lot tougher for people to guess their way into than Google Apps.

Pretending that cloud computing is the future: kind of naive. It's already here, it's just that the ignorant masses don't know it. Pretending that Google is the major force in cloud computing because they made and monetized a search engine. That's just funny.

Sj
#7) On July 16, 2009 at 12:35 PM, DutchMark (82.10) wrote:

"People have fired dictionaries at passwords for a long time, and that's why smart IT people don't allow PW without random numbers, etc. in them."

Which is actually silly as the real solution to that is not allowing unlimited login tries. If the computer waits 10 sec. after the first failure, 20 sec. after the 2nd... this is never a problem.

Most financial sites I use that value security require me to have a physical key-generator as well as a password. As more of people's life moves online I think a physical or biometric solution will become ubiquitous. That will solve the problem for Google and everybody else.

I also don't know what the Twitter hoopla is all about. But shorting it is probably as risky as saying SMS texting is never going to take off, as many a company did at the time.

Mark
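The throttling scheme described in comment #7 (wait 10 seconds after the first failure, 20 after the second), as an added example that is not part of the original thread. The class name, the per-account keying and the reset-on-success rule are assumptions made for illustration.

```python
import time


class LoginThrottle:
    """Per-account linear backoff: the n-th consecutive failure imposes a step*n second wait."""

    def __init__(self, step_seconds=10, clock=time.monotonic):
        self.step = step_seconds
        self.clock = clock      # injectable, so the simulation below needs no real sleeping
        self.failures = {}      # account -> (consecutive failures, time of last failure)

    def retry_after(self, account):
        """Seconds until the next attempt for this account is evaluated (0 if allowed now)."""
        count, last = self.failures.get(account, (0, 0.0))
        return max(0.0, last + count * self.step - self.clock())

    def attempt(self, account, password_ok):
        """Return 'throttled', 'ok' or 'denied'; a throttled attempt is never evaluated."""
        if self.retry_after(account) > 0:
            return "throttled"
        if password_ok:
            self.failures.pop(account, None)   # assumption: success resets the counter
            return "ok"
        count, _ = self.failures.get(account, (0, 0.0))
        self.failures[account] = (count + 1, self.clock())
        return "denied"


def guesses_within(budget_seconds, step_seconds=10):
    """Count the wrong guesses that get evaluated when every retry is sent
    the instant the previous wait expires (constructed account name)."""
    now = [0.0]
    throttle = LoginThrottle(step_seconds, clock=lambda: now[0])
    guesses = 0
    while now[0] <= budget_seconds:
        throttle.attempt("constructed-user", password_ok=False)
        guesses += 1
        now[0] += throttle.retry_after("constructed-user")
    return guesses


if __name__ == "__main__":
    print("guesses evaluated in 24 hours:", guesses_within(24 * 3600))
```

With the 10-second step, one account sees 131 evaluated guesses in the first 24 hours. Because the delay is keyed by account, the legitimate user waits out the same timer.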
#8) On July 16, 2009 at 12:43 PM, galtline (33.27) wrote:

"And I am blaming Google for this, because its naive cloud business model ('Hey, use our software that is about as feature-rich as what you had a decade ago, and you have to store it with us!') is going to mean this happens more and more."

Hmm...so, sharing information (rather than storing a file on a personal computer) is a naive business model?  

"Please. First someone would have to guess where I'm doing my banking. Then guess my login name. Then guess my password."

Which is kind of my point...all that Google was guilty of was a customer creating a weak login name and password.  Here is an idea - create a login and password that aren't obvious or easy to guess.

Now, if Google were guilty of letting a hacker in through a brute force attempt (hacker creates a program that tries combinations of numbers and letters...over and over again), then I would fault them. 

"And if that happened, sure they could cause some trouble with that account, but they wouldn't have access to every document I'd created for work for the past year."

Yeah, you're right...getting access to documents is much worse than money...please... 

"Cloud computing is only the holy grail for people who don't know much about computing, or clouds. There are tons of better sharing services already available, most of which will be a lot tougher for people to guess their way into than Google Apps."

Cloud computing is a catch-all...but in the case of Google Apps, it's just a fancier name for an "Application Service Provider".

Okay, I'm curious...what other sharing services are available which bypass the need for strong password security?

"Pretending that cloud computing is the future: kind of naive. It's already here, it's just that the ignorant masses don't know it. Pretending that Google is the major force in cloud computing because they made and monetized a search engine. That's just funny."

I never claimed that Google was a major force in cloud computing. I'm also well aware that "cloud computing" is already here...really, the name is mostly marketing hype...although I do like what I'm seeing out of hosting services (Amazon, Rackspace, etc).

Your response has left me more confused as to where you stand. Are you saying that cloud computing (hosting models, web-based applications...all of the things that have been lumped into the "cloud computing" tag line) is not the way companies should be conducting business? Or are you simply saying it is naive to say that cloud computing is the "future", since we're already doing it? I'd agree with the latter...

If it is the latter, then how is Google Apps any different than any other web-based application? 

#9) On July 16, 2009 at 1:49 PM, ajm101 (31.92) wrote:

dutchmark - you can't have server-side biometrics, and that information has to be encoded into a binary format if it's going to pass over the internet. While biometrics would not really be vulnerable to a dictionary attack like passwords (though that could be fascinating to consider, when you think of how non-random a fingerprint really is... continuous lines with constraints on width with only a few major patterns like whirls/etc. But I digress) it is still vulnerable to man in the middle attacks, side compromises, and other methods of attacks.

That's really the major point of contention from where I stand.  You have a Google App (and the relative merits of that can be debated) that is a more obvious target for dictionary attacks, but you have to weigh that against their greater expertise in preventing some of the server side attacks that would make any authentication method, however clever, totally moot.

#10) On July 16, 2009 at 1:51 PM, ajm101 (31.92) wrote:

(doh, typo: when I wrote 'side compromises' I meant 'client side compromises' ... like trojans, port scanning/buffer overflow exploits)
