Feeds

Pwnie Awards celebrate best and worst of security

Showcasing the maddest skillz

Choosing a cloud hosting partner with confidence

Organisers of the security world's Oscars, the Pwnie Awards, have announced the nominees for the second annual awards.

The Pwnies celebrate both the achievements and failures in security research and the wider IT security scene, so they are best thought of as a mixture of the Razzies, which recognise the worst in Hollywood, and the Oscars. The list of 37 nominees for the nine Pwnie Award categories will be narrowed down to winners by the judges, who will meet at an undisclosed location in order to decide the winners, before an awards ceremony at the Black Hat conference in Las Vegas on 6 August.

The list of nominees was narrowed from 134 submissions in categories including best client-side bug, most innovative research, lamest vendor response and most epic FAIL. Nominees in the bug category include URI protocol handler flaws, a class of flaw that put competing browser and application vendors at loggerheads in blaming others for vulnerabilities, the infamous Safari carpet-bombing bug and Apple's QuickTime media player application. QuickTime gets recognition as a result of numerous flaws with the application over the last 12 months.

In the Mass Ownage category the crippled OpenSSL random number generator in Debian, which resulted in the production of weak SSL and SSH keys, heads the nominations. SQL injection attacks, which became a preferred tactic for hackers to plant malware on vulnerable websites, also get a nod.

Security research and notable bugs are recognised in other award categories. Recent research in cold boot attacks on encryption keys will fight it out in the most innovative security research division with Rolf Rolles's research on virtualisation and security.

Lame Flame

Plenty of attention is likely to focus on the lamest vendor response award. McAfee's unimpressive answer to flaws in its "Hacker Safe" certification programme earns a dishonorable mention alongside NXP's decision to sue researchers who broke the security of its Mifare Classic smart cards. NXP's litigious response makes it the odds-on favourite to pick up the award, sparing Linus Torvalds, whose security-themed rant earlier this month earned him a nod.

Well-known security researcher Dan Kaminsky makes an appearance in several categories including the overhyped vulnerability slot, where the much publicised but still unspecified DNS cache poisoning vulnerability gets a mention. There might as well be no other nominees in the category since Kaminsky is a shoo-in for the award, in our book at least.

Momentous screw-ups (AKA epic fails) make up a more competitive category. Debian, for supplying a vulnerable OpenSSL library without realising it for two years, competes in this category against Todd Davis, the hapless Lifelock chief exec, whose anti-fraud service failed to protect him after he posted his social security number on the web. Intriguingly Windows Vista also gets a mention in this category for "proving security doesn't sell" and may be the dark horse for recognition here.

Former professional football players traditionally retire to manage pubs. Most hackers who have the "personality of a supermodel who does discrete mathematics for fun" go off to run coffee shops or some such so it's only fair the Pwnie Awards also include a Lifetime Achievement Award category. Dan Geer, who was fired by @stake after writing a paper about the risks on the lack of diversity in software established by Microsoft's dominant position, earns a nod in this category.

The full list of runners and riders for the Pwnie Awards can be found here. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.