Knowledge is power
The good folks over at The Hacker News have pointed out that it’s easy to make a Google Calendar public for all to see. This capability can be amazingly powerful. Millions of organizations and people use this feature for all kinds of valid reasons - share a calendar of events on a website for example.
Recently security researches tested this out and found some interesting results.
What I found is that — Using a single Google dork (advance search query), I am able to list down all the public google calendar or users who all have set their calendar as public. I found dozens of calendars which are indexed by google’s search engines, revealing or disclosing several sensitive information. It provided me access to private information about the company’s meetings, interviews, events, internal information, presentation links, locations, etc - Avinash Jain
How does an organization know if they’re exposed?
Thankfully - as usual - there’s an app for that! Enter our trusted service, the General Audit Tool (GAT). GAT has been around as long as I can remember (Umzuzu’s been working with Google Calendar for 10+ years). Know exactly what’s happening inside your Google Domain. Report on user behaviour in all G Suite areas, measure performance, give accurate measures of collaboration, identify user adoption, flag strange or unusual behaviour, generate statistical analyses and record and report data for all time.
Public calendar discovery couldn’t be any easier and more importantly - removing public sharing is just as easy as finding the exposure. Discover and take action in a few clicks!
GAT enables full domain-wide automatic calendar discovery and exposure classification!