Pwnie Awards

Pwnie Award, resembling a My Little Pony toy.[1]

The Pwnie Awards recognize both excellence and incompetence in the field of information security. Winners are selected by a committee of security industry professionals from nominations collected from the information security community.[2] The awards are presented yearly at the Black Hat Security Conference.[3]

Origins

The name Pwnie Award is based on the word "pwn", which is hacker slang meaning "to compromise" or to "control" based on the previous usage of the word "own" (and it is pronounced similarly).[3] The name "The Pwnie Awards" is meant to sound like The Tony Awards, an awards ceremony for Broadway Theater in New York City.

History

The Pwnie Awards were founded in 2007 by Alexander Sotirov and Dino Dai Zovi[2] following discussions regarding Dino's discovery of a cross-platform QuickTime vulnerability and Alexander's discovery of an ANI file processing vulnerability in Internet Explorer.

Winners

2013

2012

The award for best server-side bug went to Sergey Golubchik for his MySQL authentication bypass flaw.[4][5] Two awards for best client-side bug were given to Sergey Glazunov and Pinkie Pie for their Google Chrome flaws presented as part of Google's Pwnium contest.[6][4]

The award for best privilege escalation bug went to Mateusz Jurczyk ("j00ru") for a vulnerability in the Windows kernel that affected all 32-bit versions of Windows.[4][5] The award for most innovative research went to Travis Goodspeed for a way to send network packets that would inject additional packets.[4][5]

The award for best song went to "Control" by nerdcore rapper Dual Core.[4] A new category of award, the "Tweetie Pwnie Award" for having more Twitter followers than the judges, went to MuscleNerd of the iPhone Dev Team as a representative of the iOS jailbreaking community.[4]

The "most epic fail" award was presented by Metasploit creator HD Moore to F5 Networks for their static root SSH key issue, and the award was accepted by an employee of F5, unusual because the winner of this category usually does not accept the award at the ceremony.[6][4] Other nominees included LinkedIn (for its data breach exposing password hashes) and the antivirus industry (for failing to detect threats such as Stuxnet, Duqu, and Flame).[5]

The award for "epic 0wnage" went to Flame for its MD5 collision attack,[6] recognizing it as a sophisticated and serious piece of malware that weakened trust in the Windows Update system.[5]

2011

2010

2009

2008

2007

References

  1. Rashid, Fahmida Y. (August 2, 2011). "Pwnie Awards Nominees in 2011 Include Sony, Anonymous, LulzSec, WikiLeaks". eWeek. Retrieved January 3, 2013.
  2. 2.0 2.1 2.2 2.3 Buley, Taylor (July 30, 2009). "Twitter Gets 'Pwned' Again". Forbes. Archived from the original on February 16, 2013. Retrieved January 3, 2013.
  3. 3.0 3.1 3.2 3.3 3.4 3.5 3.6 Sutter, John D. (August 4, 2011). "Sony gets 'epic fail' award from hackers". CNN. Retrieved January 3, 2013.
  4. 4.0 4.1 4.2 4.3 4.4 4.5 4.6 Sara Yin (July 26, 2012). "And Your 2012 Pwnie Award Winners Are...". SecurityWatch. PCMag. Retrieved January 8, 2013.
  5. 5.0 5.1 5.2 5.3 5.4 Lucian Constantin (July 26, 2012). "Flame's Windows Update Hack Wins Pwnie Award for Epic Ownage at Black Hat". IDG-News-Service. PCWorld. Retrieved January 8, 2013.
  6. 6.0 6.1 6.2 Sean Michael Kerner (July 25, 2012). "Black Hat: Pwnie Awards Go to Flame for Epic pwnage and F5 for epic fail". InternetNews.com. Retrieved January 8, 2013.
  7. 7.0 7.1 7.2 7.3 7.4 7.5 7.6 7.7 Schwartz, Mathew J. (August 4, 2011). "Pwnie Award Highlights: Sony Epic Fail And More". InformationWeek. Retrieved January 3, 2013.
  8. 8.0 8.1 8.2 Brown, Bob (July 31, 2009). "Twitter, Linux, Red Hat, Microsoft "honored" with Pwnie Awards". NetworkWorld. Retrieved January 3, 2013.
  9. 9.0 9.1 9.2 Naone, Erica (August 7, 2008). "Black Hat's Pwnie Awards". MIT Technology Review. Retrieved January 3, 2013.
  10. 10.0 10.1 10.2 10.3 10.4 10.5 Naraine, Ryan (August 2, 2007). "OpenBSD team mocked at first ever 'Pwnie' awards". ZDNet. Retrieved January 3, 2013.

External links