Startup Meme and Chris Pirillo report that quite a few people have made login credentials of theirs public via Google Calendar event descriptions, which can now be found by searching for public events for e.g. “username password�. When you create a calendar with Google, you have the options “do not share with everyone� (default) and “share all information on this calendar with everyone� (which additionally triggers a confirmation dialog). However, when people add certain events to public calendars, it may be that they’ve forgotten they once made the calendar public. Maybe Google needs to put a more visible icon next to public calendars as a reminder, or always trigger a confirmation when you add an event to a public calendar, but this is not a Google Calendar security vulnerability – it’s user misconfiguration, similar to when you e.g. create a blog post with information that ought to be secret, and then someone searches Google for “password username�.
If you have a calendar, make sure you remember its privacy settings – one way to do so would be to add the word “Public� to the titles of your public calendar.
Source:? Bilal Hameed! | Google Blogoscoped
Google, Google Calendar, Login Credentials, Security Notice
TrackBack URI Leave a comment »