Educause Security Discussion mailing list archives

Re: Google Docs abuse


From: Tracy Mitrano <tbm3 () CORNELL EDU>
Date: Mon, 23 Jul 2012 18:20:43 +0000

Let me know when you get a live person on the phone at Google; that feat alone is worth mentioning in my experience!

Tracy


On Jul 21, 2012, at 2:49 AM, Dan Han wrote:

I agree that Google should notify Google Apps administrators and perhaps even delegate certain management rights, such 
as disabling a form hosted within the institution, to the local Google Apps admin, but do we know whether Google 
actually notifies App administrators of affected institutions, or whether the local Google Apps admins have these 
management capabilities? We are fairly new to Google Apps here. Any Google Apps veterans care to chime in? Thanks.

-Dan

Dan Han
Information Security Officer
Virginia Commonwealth University

On Sat, Jul 21, 2012 at 1:10 AM, Jeffrey Schiller <jis () mit edu> wrote:
On Fri, Jul 20, 2012 at 5:03 PM, Bob Bayn <bob.bayn () usu edu> wrote:
...

It also seems like Google should have the tools and capacity to intervene automatically when someone makes a form that 
looks like a password collector.  Or they could send us the entries for our domain when they decide to respond to an 
abuse complaint.

Having Google automatically intervene when something "looks" like a password collector would be a horrible precedent. 
They should investigate forms when an abuse complaint is made. If the complaint is for an "apps" domain they should 
notify the administrator, who should respond in some reasonable period of time.

If Google has multiple complaints about a particular Apps domain, and that domain's administrator(s) fail to respond, 
then they should take action. That action should be spelled out in the contract for the Apps domain.

We should not expect someone (or worse, someTHING) at Google to act as prosecutor, judge, jury and executioner. Just as 
we don't give the police that power in the non-cyber world.

Yes, this means that some phishing sites will be up for longer than we might like, but that ultimately is the cost of 
due process.

Because this is a security list, we should remember that one of the important security goals is "availability". Google 
should not make your services unavailable without careful consideration.

-Jeff

--
_______________________________________________________________________
Jeffrey I. Schiller
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room E17-110A
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu
http://jis.qyv.name
_______________________________________________________________________




