A decision by Oxford University to temporarily block access of Google Docs on its campus due to security concerns isn't probably going to sit well with any university students who are Google fans; or with the PR department at Google.
It's not uncommon for universities to be a target for hackers, but, according to Oxford University Computer Services, the university has been fighting phishing-type attacks for the past few years, and they have been seeing an increase of attacks coming through forms created in Google Docs and served up through student and staff email accounts.
This switch in attack vectors is because the university is quick to react to attacks coming from the more traditional avenues by blocking the sites serving up the malware; whereas traffic from Google Docs is considered safe due to the trust we have in Google and that the traffic is encrypted.
Even any reporting of the suspicious forms using the "Report abuse" link at the bottom of each page doesn't guarantee that any action will be taken due to Google's lackluster response to such reporting.
Now Oxford University has found itself in the position of having to block access to Google Docs because of a big increase in phishing attacks against the university staff and students; an action that could have much wider repercussions as other email services like Gmail, Yahoo, and Outlook could begin rejecting emails from Oxford accounts. This could happen because a proportion of the mail is being marked as spam and thereby affecting the university's "reputation".
Due to the fact that almost all of the recent phishing attacks have used Google Docs URLs, the university's computer IT department decided to simply block the service, albeit only temporarily. However, due to the overwhelming reliance on Google products due to the tight integration of Google Docs, they had to remove the block within hours of it being instituted.
Even so, since the danger to users is still there, the university is investigating alternatives as well as contacting Google to try and pressure them into being a lot more responsive regarding the reported abuses.
via The Next Web