Skip to main content
  1. Home
  2. Computing
  3. News

U.N. security blunder left secret Trello boards, Google Docs exposed

By
Image used with permission by copyright holder

Secretive documents related to the United Nations were left vulnerable to unauthorized access by anyone who stumbled upon the right link, after Trello, Jira, and Google Docs accounts were left improperly configured by staffers. The security gaffe left passwords, organizational documents, and security plans belonging to governments of the United Kingdom and Canada open to the web.

Maybe they should have read our guide on how to use Google Docs.

Recommended Videos

Although each of the unsecured documents did require a unique URL in order to be accessed, that proved far from an effective protective measure when security researcher Kushagra Pathank discovered links to a U.N.-controlled Trello organizational board. In that tool’s ‘card’ system, he went on to find other links to other documents that lead to Google documents and U.N. pages on Jira, an issue-tracking service. These in turn had more links, all of which contained sensitive information. In total, Pathank discovered some 50 boards and documents that he was able to access because of the lack of security options implemented during their setup.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, HBO Max, and more

Some of the information he was eventually able to glean from these documents included access to a remote U.N. FTP server, credentials to log in to a Google and Vimeo account associated with the U.N.’s language and learning program, remote access information for certain U.N.-linked meetings, and detailed information about the U.N. website and its development.

Pathak contacted the U.N. in late August to inform it of the issue. Although, as The Intercept highlights, the organization’s technical department ran into some problems replicating the issue, much of the sensitive content has now been taken down or protected behind security credentials. In a statement to The Intercept, a U.N. spokesperson said that all relevant staff had been warned about trusting third-party tools and services with sensitive information and that they should make necessary precautions to protect such data in the future.

Despite rhetoric to the contrary, Pathak believes that much of these latest security concerns arose simply because leaving boards unsecured is easier than securing them. By not adding users to boards and locking them to authorized accounts only, U.N. staffers were able to share URLs in order to give others access. “Adding people to the board seems to be a huge task for these people, but in fact it is really easy,” Pathak said in a statement.

Jon Martindale
Jon Martindale
Evergreen writer
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
Topics

Editors’ Recommendations

Google finally makes sharing easier in Docs and Drive
Google Docs in Firefox on a MacBook.

Google rolled out an update to Docs and Drive today that makes sharing files a little bit simpler. As originally reported by 9to5Google, the new Share menu is considerably smaller, and all of its elements are more compact and better organized.

The first thing you will notice is that "Share with people" and "Get link" have been condensed to one box. In the last version, Sharing with individual people was its own stand-alone box, with another box for link sharing directly beneath it. In the new Share interface, the "Get link" box has been entirely removed, and now you can simply copy the link with the button in the bottom left corner. It's cleaner, removes a lot of needless text, and is far easier to find than before.

Read more
Google just enabled an awesome new feature in Google Docs
Google Docs in Firefox on a MacBook.

Google Docs includes a new feature as of Wednesday which will allow you to highlight more than one selection of text at once in order to perform formatting functions on text more efficiently.

Google detailed on its Workspace Updates blog that users will be able to delete, copy, paste, and add other formatting to multiple sections of text at once

Read more
Google Docs will auto-generate TL;DR summaries for you
Google presenting new Docs features.

Google has announced some updates for Google Docs and other Workspace products at the 2022 edition of the I/O developer conference. Coming soon are new machine learning-powered document summaries, helping you save time and stay more efficient. Also in the works is a similar transcription feature for Google Meet, digestible summaries for Google Chat, as well as new visual video and audio enhancements for Google Meet.

According to Google, this new feature for Docs will add what you can consider a TL;DR summary. It will automatically parse the document and pull out the main parts. This marks a big leap forward for machine learning and natural language processing, per the company. The feature required a deep understanding of long passages and information compression and language generation, which had remained outside the capabilities of machine learning models until today.

Read more