April Fools!

April Fools Day has always been a fun day for technology people, especially online. It seems to have become even more so for security people, as every April 1st the security mailing lists get hit with lots of April Fools advisories, fake tool releases, fake announcements from big projects and organizations like Metasploit and the EFF, fake RFC standards, and just an overall flood of craziness.

Of course I have to contribute, so every year I put out an April Fool’s security advisory. The one I released this year was entitled Window Transparency Information Disclosure.

Apparently, so far this year, mine is Bruce Schneier’s favorite, which he noted on his blog. Something I always try to accomplish with my April Fools advisories is to make them believable while still being fairly ridiculous. One of the comments to Schneier’s blog post by “Alex” points out the legitimacy of the vulnerability described in my advisory and calls into question whether or not it is actually an April Fool’s joke, which is exactly the reaction I always shoot for (:

You can find the definitive list of online April Fools jokes for 2007 here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: