Network News

X My Profile
View More Activity

A Word of Caution About Google Calendar

I've been playing around with Google Calendar, a beta service from the search-engine giant that lets users store -- and share -- calendar data online. It's a great Web-based tool, but in experimenting with it I found that far too many people are using Google Calendar without fully understanding how to protect their personal information.

Since security is what this blog is all about, I plugged "password" into a search of Google Calendar's public events, and within the first few pages of results found a username and password for a credit report account at TransUnion. The credentials belonged to Douglas Kerr, a network administrator for a software company in Charlotte, N.C. Kerr said he'd been experimenting with Google Calendar for a few weeks, but had no idea that he'd imported that record into the application.

"During an experiment to learn how to sync a personal calendar across the Internet to that Google calendar and back, I unknowing synced sensitive information to it," Kerr said. "I use Linux exclusively at home, which makes a task such as this more challenging than normal, and that is the only excuse I have for making such a silly mistake."



Been looking for help with that bug in your YouTube API project? Thanks to this Google Calendar user, you can get the access you need. (post.com)

Kerr wasn't alone among technically proficient people who wound up posting private information on Google Calendar. Searching events for "passcode" produced hundreds of entries featuring toll-free conference lines and numeric codes used by various companies and their employees. My favorite was an entry entitled "United Airlines Morning ISD Event Call," which employees apparently use every morning "to report on issues that concern the Windows Engineering group." (This particular calendar item has since been deleted.)

Some Google Calendar users posted vacation dates and jury duty -- just the kind of information that might be useful to a crook hoping to drop by your house while you're away. Some of the posts I saw along these lines included handy Google maps showing where the person lived. How convenient.



Angry that Apple only picked one wireless provider for its new iPhone? Dial in and let them know. (post.com)

Maybe you can't afford an iPhone, but here's your chance to at least be on the phone with Apple, by tuning in to their weekly Monday 2 PST conference calls.

Searching for "poker game" turned up a number of friendly neighborhood house games -- again -- complete with maps to the host's home. Those might be of interest to local law enforcement, or even local thieves who'd like nothing more than to crash the party and steal the pot.



Poker, anyone? The Minnesota organizer better hope the cops aren't searching Google Calendar. (post.com)

A search for "routine maintenance" produced some eyebrow-raisers. If you wanted to break into a company, what better way than to impersonate the repair guy? Worse yet, if a crook knows exactly when the repair guy is supposed to show up, he can call ahead and move up the appointment.

I especially liked this Google Calendar entry (screenshot to left), which lists the times and dates that engineers are expected to come by and apply software patches to database computers on the company's network.



This listing tells us when a big software upgrade will occur at a North Carolina location. (post.com)

By default, Google does not share your calendar entries with the rest of the Internet unless you actively choose to make your calendar public. The examples above generally arise from people who have chosen to share their calendars but neglected to make certain events private, or to select a certain few individuals who are permitted to have access to the entries.

By Brian Krebs  |  July 6, 2007; 6:00 AM ET
Categories:  Fraud , From the Bunker , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Terrorism's Hook Into Your Inbox
Next: Scammers Play Robin Hood to Test Stolen Credit Cards

No comments have been posted to this entry.

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company