I don't even know what to call this post. I'm still shaking my head in amazement. Last week I posted about the Google Calendar Leak and just told everyone to be careful. I didn't think much more about it then yesterday I was listening to Pauldotcom Security Weekly and they were talking about it. Larry was giving examples of searches that he had done and talking about the information that was found. So this morning I logged into my Google Calendar account and started searching for key words and looking at the information that was divulged. At first I just laughed at the little things that I saw. Conference call numbers, names, agendas, etc... A potential hackers paradise or Social Engineers dream.
As I looked more and refined my search a little more I found LOTS of other interesting things. Full names and addresses of companies and employees, Network addressing schemes, dates for upgrades and changes to security and network devices, etc... and these were posted by the supposed network and security teams!!!!!!!!!!!!! I think my head is going to explode!!!!!!!!!!!!!
As I was looking at some of the calendar entries I noticed links to wiki's and other sites that were tauted to have more details and information that the participants needed to review to get ready for the meetings. Then it hit me. What if someone decided to post a fake entry that had links to sites that hosted malware. Then someone, maybe a malcontent or maybe a security professional, is checking this out and they decide to see what other info is out there. Next thing you know you are compromised.
Security's Everyman
Thursday, April 26, 2007
???????
Posted by Andy, ITGuy at 6:28 AM
Labels: Andy ITGuy, google calendar, information security, Pauldotcom.com
Subscribe to:
Post Comments (Atom)
1 comment:
Amazing, no? The web is just not going to become a safer place for a long time...both for users and the data they throw around.
And I know you know better about UE and all. I was being picky and ornery yesterday. :)
Post a Comment