Jan 25 2009

SANS.org “security certificate” lacks security

Like many security experts, I use various hardware, operating systems, and web browsers. Tonight, for example, I did some surfing with Opera-U3 running on Windows 2000 under a VMware session inside my laptop via a T-Mobile wireless card.

SANS.org security certificate uses "an outdated encryption method which is no longer classified as secure..."

Suddenly a warning message pops up on the screen. “[SANS.org] is using an outdated encryption method which is no longer classified as secure. It cannot sufficiently protect sensitive data. Do you wish to continue?”

You gotta love the irony of a computer security website that lacks security.

I switched over to the VMware session where I keep my calendar appointments. First I set aside four hours on 31 March to “generate a ‘collision’ certificate for SANS.org.” Then I set aside one hour on April Fool’s Day to “issue the ‘collision’ certificate you generated.”

Then I switched back and clicked “Yes” so I could continue surfing at SANS.org. Man, I can’t wait for April Fool’s Day…