Google's JotSpot exposes user data
A security researcher has found that Google's JotSpot online collaboration service exposes user names and email addresses that are subsequently indexed by Google's Web crawler. However, Google says that the problem is really due to erroneous configurations by administrators who failed to set their pages as private on the site's permission page.
In addition to his original blog post, Harvard Business School professor and security researcher Ben Edelman offered a four-point rebuttal to Google's response. Among other things, Edelman took issue with the fact that administrators were ill advised due to ambiguous design on the part of JotSpot. However this turns out, there is little doubt that accidental exposure is one of the risks inherent to cloud computing. I suppose this is an area to watch out for, especially with Microsoft's launch of its Azure cloud-based operating system in the second half of 2009.
To read more about Google's JotSpot:
- check out this article at CNETNews.com