Pwnie Awards

The Pwnie Awards recognize both extreme excellence and incompetence in the field of information security. Winners are selected by a committee of security industry luminaries from nominations collected from the information security community. The awards are presented yearly at the Black Hat Security Conference.

1 Origins
2 History
3 Categories
4 Previous winners
- 4.1 2010
- 4.2 2009
- 4.3 2008
- 4.4 2007
5 References
6 External links

Origins

The name Pwnie Award is based on the word 'pwn', which is hacker-slang meaning "to compromise" or to "control" based on the previous usage of the word "own" (and it is pronounced similarly). The name "The Pwnie Awards" is meant to sound like The Tony Awards, an awards ceremony for Broadway Theater in New York City.

History

The Pwnie Awards were founded in 2007 by Alexander Sotirov and Dino Dai Zovi following discussions regarding Dino's discovery of a cross-platform QuickTime vulnerability and Alexander's discovery of an ANI file processing vulnerability in Internet Explorer.

Previous winners

2010

Best Server-Side Bug: Apache Struts2 framework remote code execution (CVE-2010-1870) Meder Kydyraliev
Best Client-Side Bug: Java Trusted Method Chaining (CVE-2010-0840) Sami Koivu
Best Privilege Escalation Bug: Windows NT #GP Trap Handler (CVE-2010-0232) Tavis Ormandy
Most Innovative Research: Flash Pointer Inference and JIT Spraying Dionysus Blazakis
Lamest Vendor Response: LANrev remote code execution Absolute Software
Best Song: "Pwned - 1337 edition" Dr. Raid and Heavy Pennies
Most Epic Fail: Microsoft Internet Explorer 8 XSS filter

2009

Best Server-Side Bug: Linux SCTP FWD Chunk Memory Corruption (CVE-2009-0065) David 'DK2' Kim
Best Privilege Escalation Bug: Linux udev Netlink Message Privilege Escalation (CVE-2009-1185) Sebastian Krahmer
Best Client-Side Bug: msvidctl.dll MPEG2TuneRequest Stack buffer overflow (CVE-2008-0015) Ryan Smith and Alex Wheeler
Mass 0wnage: Red Hat Networks Backdoored OpenSSH Packages (CVE-2008-3844) Anonymous
Best Research: From 0 to 0day on Symbian Credit: Bernhard Mueller
Lamest Vendor Response: Linux "Continually assuming that all kernel memory corruption bugs are only Denial-of-Service" Linux Project
Most Overhyped Bug: MS08-067 Server Service NetpwPathCanonicalize() Stack Overflow (CVE-2008-4250) Anonymous
Best Song: Nice Report Doctor Raid
Most Epic Fail: Twitter Gets Hacked and the "Cloud Crisis" Twitter
Lifetime Achievement Award: Solar Designer

2008

Best Server-Side Bug: Windows IGMP Kernel Vulnerability (CVE-2008-0069) Alex Wheeler and Ryan Smith
Best Client-Side Bug: Multiple URL protocol handling flaws Nate McFeters, Rob Carter, and Billy Rios
Mass 0wnage: An unbelievable number of WordPress vulnerabilities
Most Innovative Research: Lest We Remember: Cold Boot Attacks on Encryption Keys (honorable mention was awarded to Rolf Rolles for work on virtualization obfuscators) J. Alex Halderman, Seth Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph Calandrino, Ariel Feldman, Rick Astley, Jacob Appelbaum, Edward Felten
Lamest Vendor Response: McAfee's "Hacker Safe" certification program
Most Overhyped Bug: Dan Kaminsky's DNS Cache Poisoning Vulnerability (CVE-2008-1447)
Best Song: Packin' the K! by Kaspersky Labs
Most Epic Fail: Debian's flawed OpenSSL Implementation (CVE-2008-0166)
Lifetime Achievement Award: Tim Newsham

2007

Best Server-Side Bug: Solaris in.telnetd remote root exploit (CVE-2007-0882), Kingcope
Best Client-Side Bug: Unhandled exception filter chaining vulnerability (CVE-2006-3648) skape & skywing
Mass 0wnage: WMF SetAbortProc remote code execution (CVE-2005-4560) anonymous
Most Innovative Research: Temporal Return Addresses, skape
Lamest Vendor Response: OpenBSD IPv6 mbuf kernel buffer overflow (CVE-2007-1365)
Most Overhyped Bug: MacBook Wi-Fi Vulnerabilities, David Maynor
Best Song: Symantec Revolution, Symantec

References

External links

The Pwnie Awards