All the latest UK technology news, reviews and analysis
|
|
|
04 Apr 2007
An April Fool's joke that aimed to expose sensational media coverage and educate non-security experts failed to find any victims.
A self-proclaimed group of hackers set up The Week Of Vista Bugs website that promised to report an unpatched Vista bug every day this week.
Further reading
Pioneered by security researcher H D Moore last summer, projects aiming to uncover vulnerabilities every day for a week or a month have proved a powerful way to direct the public's attention to security issues in certain applications.
Applications targeted by such daily security disclosures included browsers, Apple's OS X, Oracle software and MySpace.
"Education is an important step to consider in security. People have, as experts do, to rely on real facts, things they can verify," the group warned on a website where they exposed their hoax.
The Week of Vista Bugs issued its first 'security alert' on Monday, warning people against an allegedly critical flaw that offered a way to bypass the firewall in Vista.
The alert was riddled with technical lingo, but the educated reader would have been able to see through the hoax.
Apparently most media saw through it as well. Google News does not list a single English media outlet that picked up the report.
The report was noticed by vnunet.com, but was not published. As part of our standard fact-checking procedures, vnunet.com contacted Microsoft on Monday with a request for comment on the reported flaw.
The company issued a generic public relation statement, but did not expose the report as a hoax.
A Microsoft spokesperson said on Monday that the Microsoft Security Research Center is "aware of 'The Week of Vista Bugs' project in which details about possible issues affecting Windows Vista will be publicly disclosed.
"As always, the Microsoft Security Response Center will stand ready to mobilise its teams to investigate, fix and learn from any vulnerabilities discovered through the project, and take appropriate action to protect its customers as needed."
The person responsible for the hoax said that Microsoft did not contact the team.
Symantec flagged the report in its DeepSight subscription-based threat management alert network. But researchers for the company warned that the report failed to prove the claimed flaws.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Java Developer - Belfast - Banking Skills: Core Java...
I am recruiting for a Shared Accounting Service Manager...
QA Tester/Automation Tester - C# .NET Agile, Epsom, Surrey...
3RD LINE EXCHANGE 2010 / 2003, QUEST, LONDON, GLOBAL...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Get a clue
How exactly did Microsoft fall for the hoax? It looks like you're the one that is looking for for sensational posts while failing to apply basic logic. The fact that Microsoft didn't "exposed" the hoax doesn't mean that Microsoft fell for it.
Posted by: MF 04 Apr 2007