Feeds

Snowden picks up 'Epic 0wnage' gong in Vegas... well, not literally

And Barnaby Jack wins posthumous lifetime achievement Pwnie

SANS - Survey on application security programs

Security researcher Barnaby Jack, famous for his "jackpot" hack on ATMs, which forced them to spit out cash, has won a lifetime achievement award less than a week after his death.

The honour was announced yesterday at the Pwnie awards, Infosec's equivalent to the Oscars.

Jack, 35, died last Thursday just days before he was due to give a talk on electronic medical implants for humans at Black Hat. The slot at the Las Vegas conference was left open, allowing friends and colleagues to gather together and swap anecdotes about the famed white hat hacker.

Chris Valasek, director of security intelligence at IOActive – where Jack had worked as director of embedded device security – paid tribute to the famed ATM and medical device ethical hacker during the award ceremony.

Friends of Barnaby Jack have set up a fund which aims to raise $25,000, with donations thus far topping $13,000. "While there are no words to ever fully capture the man that Barnaby was, this fund is here to address any needs that the family may have and allow them to choose the way in which they feel best honors their beloved son," a statement on the donation page explains.

The Pwnie awards take place each year at the Black Hat conference, celebrating both the best and worst in the field of information security.

NSA leaker Edward Snowden unsurprisingly won the Pwnie for "Epic 0wnage" at this year's ‪ceremony.‬ General Keith Alexander, director of the NSA, who delivered to opening conference keynote, was mischievously named at the joint nominee for the award.

An award for the most innovative research went to Mateusz "j00ru" Jurczyk and Gynvael Coldwind for their study into Windows kernel vulnerabilities that resulted in the discovery of 37 previously unknown flaws.

An Adobe Reader buffer overflow and sandbox escape flaw (CVE-2013-0641) won a gong for best client-side bug, while Ben Murphy scooped the equivalent server-side award for unearthing serious vulnerabilities in a Ruby on Rails library (CVE-2013-0156).

David Wang (AKA planetbeing) and the evad3rs team scored the Best Privilege Escalation Bug accolade for developing ways to circumventing code signing in iOS.

The Pwnie for Epic Fail went to Hakin9 magazine, a publication best known for spamming security researchers with requests to write articles without payment that has made it the target of the occasional prank.

Best Song Pwnie went to ‪Dual Core's ‬All The Things rap, ‪which features the chorus "We drink all the booze, hack all the things", showing if nothing else a keen awareness of the target audience.‬

The full list of winners of this year's Pwnies is here. A list of nominees for the awards can be found here. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.