Microsoft falls for Vista security hoax

By Tom Sanders on Apr 4, 2007 12:18 PM
Filed under Software

April fools joke fails to catch gullible media.

An April fools joke that aimed to expose sensationalistic media and educate non-security experts failed to find any victims.

To get their point across, the self-proclaimed group of hackers set up a that promised to issue an unpatched Vista bug every day this week.

Pioneered by security researcher HD Moore last summer, weeks or months of security vulnerabilities have proven a powerful way to direct the public's attention to security issues in certain applications.

Applications that have been targeted by such daily security disclosures included browsers.

"Education is an important step to consider in security. People have, as experts do, to rely on real facts, things they can verify," the group warned on a website where they exposed their hoax.

The Week of Vista Bugs issued its first security alert issued on Monday, warning people against an allegedly critical flaw that offered a way to bypass the firewall in Windows Vista. The alert was riddled with technical lingo, but the educated reader would have been able to see through the hoax.

Apparently most media saw through it as well. Google News doesn't list a single English media outlet that picked up the report.

The Microsoft Security Research Center "is aware of SECUREINFOS' 'The Week of Vista Bugs' project in which details about possible issues affecting Windows Vista will be publicly disclosed," a company spokesperson said on Monday.

"As always, the Microsoft Security Response Center (MSRC) will stand ready to mobilise its teams to investigate, fix and learn from any vulnerabilities discovered through the project, and the company will take appropriate action to protect its customers, as needed."

The person responsible for the hoax said that Microsoft didn't contact the team.

Symantec in its DeepSight subscription based threat management alert network flagged the report. But researchers for the company cautioned that the report failed to prove the claimed flaws.