Pwnie Awards
The Pwnie Awards recognize both extreme excellence and incompetence in the field of information security. Winners are selected by a committee of security industry luminaries from nominations collected from the information security community. The awards are presented yearly at the Black Hat Security Conference.
Origins
The name Pwnie Award is based on the word 'pwn', hacker slang meaning "to compromise" or "to control", derived from the earlier usage of the word "own" (and pronounced similarly). The name "The Pwnie Awards" is meant to sound like The Tony Awards, an awards ceremony for Broadway Theater in New York City.
History
The Pwnie Awards were founded in 2007 by Alexander Sotirov and Dino Dai Zovi following discussions regarding Dino's discovery of a cross-platform QuickTime vulnerability and Alexander's discovery of an ANI file processing vulnerability in Internet Explorer.
Categories
As of 2010, Pwnies are awarded in the following categories:
- Pwnie for Best Server-Side Bug
- Pwnie for Best Client-Side Bug
- Pwnie for Best Privilege Escalation Bug
- Pwnie for Most Innovative Research
- Pwnie for Lamest Vendor Response
- Pwnie for Best Song
- Pwnie for Most Epic FAIL
Previous winners
2010
- Best Server-Side Bug: Apache Struts2 framework remote code execution (CVE-2010-1870), Meder Kydyraliev
- Best Client-Side Bug: Java Trusted Method Chaining (CVE-2010-0840), Sami Koivu
- Best Privilege Escalation Bug: Windows NT #GP Trap Handler (CVE-2010-0232), Tavis Ormandy
- Most Innovative Research: Flash Pointer Inference and JIT Spraying, Dionysus Blazakis
- Lamest Vendor Response: LANrev remote code execution, Absolute Software
- Best Song: "Pwned - 1337 edition", Dr. Raid and Heavy Pennies
- Most Epic Fail: Microsoft Internet Explorer 8 XSS filter
2009
- Best Server-Side Bug: Linux SCTP FWD Chunk Memory Corruption (CVE-2009-0065), David 'DK2' Kim
- Best Privilege Escalation Bug: Linux udev Netlink Message Privilege Escalation (CVE-2009-1185), Sebastian Krahmer
- Best Client-Side Bug: msvidctl.dll MPEG2TuneRequest Stack buffer overflow (CVE-2008-0015), Ryan Smith and Alex Wheeler
- Mass 0wnage: Red Hat Networks Backdoored OpenSSH Packages (CVE-2008-3844), Anonymous
- Best Research: From 0 to 0day on Symbian, Bernhard Mueller
- Lamest Vendor Response: Linux "Continually assuming that all kernel memory corruption bugs are only Denial-of-Service", Linux Project
- Most Overhyped Bug: MS08-067 Server Service NetpwPathCanonicalize() Stack Overflow (CVE-2008-4250), Anonymous
- Best Song: Nice Report, Doctor Raid
- Most Epic Fail: Twitter Gets Hacked and the "Cloud Crisis", Twitter
- Lifetime Achievement Award: Solar Designer
2008
- Best Server-Side Bug: Windows IGMP Kernel Vulnerability (CVE-2008-0069), Alex Wheeler and Ryan Smith
- Best Client-Side Bug: Multiple URL protocol handling flaws, Nate McFeters, Rob Carter, and Billy Rios
- Mass 0wnage: An unbelievable number of WordPress vulnerabilities
- Most Innovative Research: Lest We Remember: Cold Boot Attacks on Encryption Keys, J. Alex Halderman, Seth Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph Calandrino, Ariel Feldman, Rick Astley, Jacob Appelbaum, Edward Felten (honorable mention was awarded to Rolf Rolles for work on virtualization obfuscators)
- Lamest Vendor Response: McAfee's "Hacker Safe" certification program
- Most Overhyped Bug: Dan Kaminsky's DNS Cache Poisoning Vulnerability (CVE-2008-1447)
- Best Song: Packin' the K! by Kaspersky Labs
- Most Epic Fail: Debian's flawed OpenSSL Implementation (CVE-2008-0166)
- Lifetime Achievement Award: Tim Newsham
2007
- Best Server-Side Bug: Solaris in.telnetd remote root exploit (CVE-2007-0882), Kingcope
- Best Client-Side Bug: Unhandled exception filter chaining vulnerability (CVE-2006-3648), skape & skywing
- Mass 0wnage: WMF SetAbortProc remote code execution (CVE-2005-4560), anonymous
- Most Innovative Research: Temporal Return Addresses, skape
- Lamest Vendor Response: OpenBSD IPv6 mbuf kernel buffer overflow (CVE-2007-1365)
- Most Overhyped Bug: MacBook Wi-Fi Vulnerabilities, David Maynor
- Best Song: Symantec Revolution, Symantec