April Fools' Day has always been a fun day for technology people, especially online. It seems to have become even more so for security people, as every April 1st the security mailing lists get hit with lots of April Fools advisories, fake tool releases, fake announcements from big projects and organizations like Metasploit and the EFF, fake RFC standards, and just an overall flood of craziness.
Of course I have to contribute, so every year I put out an April Fool’s security advisory. The one I released this year was entitled Window Transparency Information Disclosure.
Apparently, so far this year, mine is Bruce Schneier’s favorite, which he noted on his blog. Something I always try to accomplish with my April Fools advisories is to make them believable while still being fairly ridiculous. One of the comments to Schneier’s blog post by “Alex” points out the legitimacy of the vulnerability described in my advisory and calls into question whether or not it is actually an April Fool’s joke, which is exactly the reaction I always shoot for (:
You can find the definitive list of online April Fools jokes for 2007 here.