Someone sent over an interesting issue that I hadn’t seen before. Due to the way people use Google’s calendaring function they are vulnerable to having corporate information leaked - including intranet addresses, dial-in information (including passcodes) as well as anything else they type in. Pretty scary actually as I think most of the people using this think their information is private somehow:
Inspired by http://johnny.ihackstuff.com/ghdb.php I decided to type “passcode intranet” on Google Calendar public search. one of the result is
*Internal Communication Weekly Meeting*
Moderator passcode: 2859485
Participant passcode: 874129
Local - UK, London: +44 (0)20 7784 1013
Local - USA, New York: +1 718 354 1113*
Openly telling ppl about passcode, intranet sites etc.
Not so good. This is pretty much exactly the kind of recon necessary to start doing industrial espionage. Weekly meetings that discuss key internal information? Not looking good. Sometimes you see major leaks in the least likely places. In fact, if you search for some of these key words in other corporate acceptable social networking sites, I bet you’d find a lot of the same issues. Nice find!