Huddle's 'Highly Secure' Work Tool Exposed KPMG And BBC Files (bbc.com)
Date: 2017-11-13
Chris Foxx, reporting for BBC: The BBC has discovered a security flaw in the office collaboration tool Huddle that led to private documents being exposed to unauthorised parties. A BBC journalist was inadvertently signed in to a KPMG account, with full access to private financial documents. Huddle is an online tool that lets work colleagues share content and describes itself as "the global leader in secure content collaboration." The company said it had fixed the flaw. Its software is used by the Home Office, Cabinet Office, Revenue & Customs, and several branches of the NHS to share documents, diaries and messages. "If somebody is putting themselves out there as a world-class service to look after information for you, it just shouldn't happen," said Prof Alan Woodward, from the University of Surrey. "Huddles contain some very sensitive information."
Why is this even possible? (Score:2)
That just seems odd... 20 milliseconds is a long time when it comes to computers, and having the same "auth code" which can get one user to have another user's token seems like piss-poor design. This never should have been done in the first place.
As someone here loves saying... (Score:1)
The cloud is just someone else's servers.
It's amazing how much people trust other people's servers. Some are good: both Google and Amazon, for example, have a good reputation when it comes to the security of the core infrastructure.
But they are large, frequently attacked, and have been around a while. It's amazing how much trust people will put in a company that simply talks a good game but doesn't really have anything to back that up.