US administration adds “subliminal” ad to White House website – Naked Security

/in


Hidden messages, features or jokes in apps and websites are commonly known in hacker jargon as easter eggs, because they’re supposed to be found and enjoyed, but they’re not supposed to be immediately obvious.

One of the most famous easter eggs in commercial software history – if not the most complex – was the hidden flight simulator (really!) in Microsoft Excel 97.

How to fly in Excel 97. Open New workbook. Hit F5. Type in L97:X97 [Enter][Tab]. Ctrl-Shift-Click on the Chart Wizard icon. Fly using mouse. Hit [Esc] to end.

Sometimes, amusingly, it wasn’t games hidden in business apps, but business apps hidden in games.

One of the most famous computer games in software history, the first IBM PC version of Tetris, had a hidden spreadsheet as its easter egg, or more accurately as its boss mode.

Boss mode, activated with the boss key, often Ctrl-B or Alt-B so it was quick to type, popped up a more dubious sort of easter egg intended as a decoy.

Boss screens were meant to cover the display instantly with what might just about look like real work if your boss suddenly appeared on the horizon.

Not the most convincing decoy in the world, even for a US company.
Tetris boss screen “spreadsheet” app.

As you can imagine, hidden and undocumented code of this sort is not as common these days, because it’s not a terribly good cybersecurity look.

After all, if there’s a whole flight simulator hidden behind some sort of esoteric incantation involving the keyboard and the mouse (in Word 97, the easter egg was a pinball game), how well was it tested?

How thoroughly was the code reviewed? How official was the process by which the code was added to the source tree? What else was snuck in there by developers and never noticed at all? Did the person who approved the digital signing of the shipped software even know that easter egg code existed? Are customers entitled to official support and patches for the easter egg? If not, why not?

Having said that, even the very latest version of Microsoft Edge contains an openly secret surfing game that you can access by visiting the special URL edge://surf:

Surfing in Edge. (Screen grab from Edge for Linux 89.0.767.0.)
Click the three-lines…

Source…