Google and Growing Security Risks

A couple of security vulnerabilities with Google lately illustrated how serious HTML injection, cross-site scripting and cookie theft can be... when the cookie is the Google cookie. This got some of us thinking. Let me start out by saying that I think Google's security, past and present, is very good. HTML injections are very common on many websites, but very rare on Google's server. (Plus, all of this is not a Google-specific problem; it's the problem of any future web office, or "web operating system" - nevermind who's implementing it.) However, it starts to show that Google, by integrating more and more services on Google.com*, all able to share the same Google Account sign-in, is also exposing its users to growing risks. (The exploits mostly require us to visit a specific URL - but who really checks every Google URL they visit, only "trusting" whatever they bookmarked?) And no security team is perfect; if we'd hypothetically assume a 95% security on average web applications, and a top-notch 99.99% perfect security on Google web applications, that still leaves us with that remaining 0.01% chance people can inject code into Google to get hold of your Google cookie, and then access some of your Google data. At this moment, much of the data Google stores for us seems trivial. Who's really using Google Docs & Spreadsheets for important data? Well, I know some of us are, but not that many yet. Also, many Google services only expose rather non-sensitive data on you in the first place; your Google Reader reading habits, or which modules you included on the personalized Google homepage, are probably nothing top secret. Some services, on the other hand, contain very private information - like Gmail, which interestingly enough was seemingly successful in providing cookie theft counter-measurements. Or your Google search history. What I think may be more important than single security incidents though (except for their ability to educate us on the problem) is the general architecture of the "Google Office" - its potential future risks, once more of our data is contained within it, and once more of its services are cross-integrated (for example, the integration of Gmail onto the personalized homepage resulted in an additional privacy problem when someone was able to reproduce your Google Account cookie). In fact, now may be the last good time to discuss these things before the Google Office goes into production full steam. Today, it almost seems as if every single product team in the Googleplex has the "power" to accidentally introduce a Google Account risk with an HTML injection hole, or another kind of cross-site scripting issue. An exotic previous post) was at least the second XSS hole found with Google Base - I saw the full exploit posted in a by-the-way comment on Digg (while it was still unfixed), among other places -, 55 Ways to Have Fun With Google, shares his views & news on the search industry in the daily