Google, Twitter Defend Google Apps, Cloud Computing from TechCrunch

TechCrunch's Michael Arrington takes Google and the cloud computing model to task for a recent personal e-mail breach at Twitter. Google and Twitter defend the security of Google Apps, with other pundits seeking to condemn or defend Google's cloud computing model. The issue rekindles the debate over the security of using Web-based applications in the workplace.

Google and the cloud computing model were the victims of some jibes from popular blog TechCrunch in the wake of a personal e-mail account hack at Twitter.

The attack, centered on the security of Google Apps' password system, rekindled the debate about whether it is safe for businesses to use the Internet to store sensitive documents and forced Google to defend itself, with Twitter coming to Google's aid July 15.

The brouhaha started when TechCrunch came into possession of some 300 documents a hacker named Hacker Croll allegedly swiped from Twitter back in May. The documents contained anything from executive meeting notes and financial projections to such banalities as meal preferences, calendars and phone logs of Twitter employees.

Twitter co-founder Biz Stone confirmed the hack after TechCrunch posted screenshots of some of the documents, adding that the hacker retrieved information from an employee's personal e-mail account, believed to be a Yahoo Mail account.

Twitter has not confirmed this detail, but news Websites CNET and the New York Times claim a weak password recovery system from Yahoo enabled Hacker Croll to access the employee's Google Apps account. This account include Google Docs, Calendars and other Google apps Twitter relies on for sharing notes, spreadsheets, ideas, financial details and more within the company, Stone said.

TechCrunch founder Michael Arrington July 14 suggested the password security for Google Apps was weak, noting in a comment on his blog that "the original security hole seems to be Google, via Google Apps for your Domain. Some passwords were guessed and things started to fall apart from there. Most (or all) of these documents were downloaded from Google's servers."

Less than a day later, Arrington defended his right to publish the documents when he wrote:

""It's not our fault that Google has a ridiculously easy way to get access to accounts via their password recovery question. It's not our fault that Twitter stored all of these documents and sensitive information in the cloud and had easy-to-guess passwords and recovery questions. ... Hopefully this situation will encourage Google and Google users to consider more robust data security policies in the future.""

Michael Eisenberg at SeekingAlpha rushed to condemn the security of cloud computing: "The bottom line is that many startups and an increasing number of large companies are using Google Apps for critical company documents. Most of them think that they are living securely. They are not. ... This is a risk for Google going forward and an interesting nod that cloud security companies are needed."