New horizons hacking in Google Calendar
Not so long ago, we wrote that thanks to the new opportunity to share events in the Google Calendar, it became possible to get important corporate information. It turns out that in addition to these data, you can get logins with passwords that users leave in the calendar for reminders.
This scheme works very simply: you just need to enter in the search for public events phrases like "username password", "user password". On the first search query, the login and password for the GMail account is opened on the top line of the results in front of us. And such examples are far from isolated.
The problem is that, despite the flexibility to configure access to the calendar (allow viewing by individual users, everyone, or anyone), people are too lazy to add those who they want to open their calendar to the list of allowed users - they simply make it public.
')
True Google has nothing to do with it: before you make the calendar public, a warning pops up which clearly indicates that the events will be available for search.
This scheme works very simply: you just need to enter in the search for public events phrases like "username password", "user password". On the first search query, the login and password for the GMail account is opened on the top line of the results in front of us. And such examples are far from isolated.
The problem is that, despite the flexibility to configure access to the calendar (allow viewing by individual users, everyone, or anyone), people are too lazy to add those who they want to open their calendar to the list of allowed users - they simply make it public.
')
True Google has nothing to do with it: before you make the calendar public, a warning pops up which clearly indicates that the events will be available for search.
Source: https://habr.com/ru/post/7447/
All Articles