It seems it's enough to share a calendar to reveal their entered personal name.
"Ever wondered what name is behind some obscure gmail address? Maybe your preferred gmail address was taken and you’re wondering who took it? Here’s a cute vulnerability in the gmail system that comes from the strong tie-ins between gmail, the google calendar and all the other services." http://blogs.securiteam.com/index.php/archives/1113 |
A comment posted to SecuriTeam entry says the vulnerability mentioned doesn't work any more: http://blogs.securiteam.com/index.php/archives/1113#comment-517248 |
Is there any information if this issue still exists? |
NO I have not heard about any more vectors to this scenario |
#Toke, on July 17th, 2008 at 4:18 pm Said: The same thing does happen with google maps when you invite someone to a map.
#Bellagh, on July 17th, 2008 at 5:57 pm Said: Awesome, thanks! I had wondered who had the gmail account I wanted, and I just found his/her name this way. The person did not have a Google calendar and I chose not to “invite,” but when I saved and went back to manage calendar, there was the name.
http://blogs.securiteam.com/index.php/archives/1113
|
There's more to this, but I'll try contact Google first... |
Very good to know that Google's awareness has been confirmed during the weekend. |