1. Home
  2. Computing
  3. News

U.N. security blunder left secret Trello boards, Google Docs exposed

By
Image used with permission by copyright holder

Secretive documents related to the United Nations were left vulnerable to unauthorized access by anyone who stumbled upon the right link, after Trello, Jira, and Google Docs accounts were left improperly configured by staffers. The security gaffe left passwords, organizational documents, and security plans belonging to governments of the United Kingdom and Canada open to the web.

Maybe they should have read our guide on how to use Google Docs.

Recommended Videos

Although each of the unsecured documents did require a unique URL in order to be accessed, that proved far from an effective protective measure when security researcher Kushagra Pathank discovered links to a U.N.-controlled Trello organizational board. In that tool’s ‘card’ system, he went on to find other links to other documents that lead to Google documents and U.N. pages on Jira, an issue-tracking service. These in turn had more links, all of which contained sensitive information. In total, Pathank discovered some 50 boards and documents that he was able to access because of the lack of security options implemented during their setup.

Some of the information he was eventually able to glean from these documents included access to a remote U.N. FTP server, credentials to log in to a Google and Vimeo account associated with the U.N.’s language and learning program, remote access information for certain U.N.-linked meetings, and detailed information about the U.N. website and its development.

Pathak contacted the U.N. in late August to inform it of the issue. Although, as The Intercept highlights, the organization’s technical department ran into some problems replicating the issue, much of the sensitive content has now been taken down or protected behind security credentials. In a statement to The Intercept, a U.N. spokesperson said that all relevant staff had been warned about trusting third-party tools and services with sensitive information and that they should make necessary precautions to protect such data in the future.

Despite rhetoric to the contrary, Pathak believes that much of these latest security concerns arose simply because leaving boards unsecured is easier than securing them. By not adding users to boards and locking them to authorized accounts only, U.N. staffers were able to share URLs in order to give others access. “Adding people to the board seems to be a huge task for these people, but in fact it is really easy,” Pathak said in a statement.

Editors' Recommendations

Topics
Jon Martindale
Computing Coordinator
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
What to do if your Intel CPU keeps crashing

Despite being among the best processors you can buy, some high-end Intel CPUs have faced a wave of instability over the past few months. Intel is investigating the problem, but the company and its motherboard partners have already worked toward some temporary fixes to improve stability on high-end Intel CPUs -- even if it comes at a performance cost.

Before getting into the fixes, keep in mind that they are temporary. Intel will release a statement on the instability soon, likely with more direct guidance on what affected users should do. In addition, the scope of the problem isn't clear -- if you're not experiencing issues, you shouldn't have anything to worry about.
Who's affected

Read more
HP Envy deals: HP’s most popular laptop starts at $630

HP is one of the best laptop brands in the laptop space, with a huge selection of laptops to pick from, including some of the best laptops on the market. More specifically, though, the HP lineup is probably at the top when it comes to versatile and relatively well-valued laptops. While there are quite a few variations and configurations of the HP Envy, we've gone ahead and put together the ones that we think will give you the most bang for your buck. That said, if you haven't found something you're specifically looking for, be sure to check out some of these other great laptop deals as well.
HP Envy x360 2-in-1 laptop 15Z-FH000 — $650, was $900

The HP Envy x360 convertible laptop is a great option for just about anyone, particularly anyone who enjoys the touchscreen functionality of a tablet. It’s well designed and super slim, making it a truly go-anywhere device. Despite its portability, it still has an immersive 15.6-inch touchscreen that’s great for creators, note-takers, and binge watchers. Top notch build quality and durability, fast charging technology, a fingerprint reader, and great battery life round out the top features of the HP Envy x360 convertible touchscreen laptop. It competes well with the best 2-in-1 laptops. Its versatility and all-around capability make it a worthy companion on any desk, and on any lap.

Read more
I use these simple printer tips to save money on ink and toner

The cost of a printer can range from under $100 for some good, low-cost inkjet printers to several hundred for the best color laser printers. However, the price you pay upfront doesn’t include paper, and the included ink and toner only lasts so long.

A bargain printer can end up costing you more overall if the cartridges are small and replacements are expensive. Follow these tips to minimize ink, toner, and paper waste, reducing the ongoing expense of using your printer in the long run.
Print in monochrome
Adobe Acrobat's print settings includes a grayscale option. Digital Trends

Read more