Domain: pwnie-awards.org
Stories and comments across the archive that link to pwnie-awards.org.
Comments · 7
-
Re:Won't work
Oops the link got messed up. It's here.
-
Re:What is the use of such service?
At least with RHEL I know a about their security procedures (quite rigorious).
HAHAHAHAHAHAHAHA. Good joke. From here:
Pwnie for Mass 0wnage
Awarded to the person who discovered the bug that resulted in the most widespread exploitation or affected the most users. Also known as ‘Pwnie for Breaking the Internet.’
*Red Hat Networks Backdoored OpenSSH Packages (CVE-2008-3844)
Credit: unknown
Shortly after Black Hat and Defcon last year, Red Hat noticed that not only had someone backdoored the OpenSSH packages that some of their mirrors were distributing, but managed to sign the packages with Red Hat's own private key. Instead of revoking the key and releasing all new packages, they instead just updated the backdoored packages with clean copies, still signed by the same key, and released a shell script to scan for the MD5 checksums of the affected packages. What makes this eligible for the "mass0wnage" award is that nobody is quite sure how many systems were compromised or what other keys and packages the attackers were able to access. With very little public information available, the real casuality was the public's trust in the integrity of Red Hat's packages.
Yeah, that sounds real rigorous.
-
Award winning work
It was these kind of issues, and the lame responses to them, that won the Linux kernel developers the 2009 Pwnie in the "Lamest Vendor Response" category.
-
Re:Oh the irony
This is the guy who said he found a way to hack a MacBook's wireless card in under a minute. He canceled his demo at Toorcon and never did disclose enough information at the 2007 Black Hat to verify the sensational claim. He left his job after the incident and started what I assume is a two-man operation. (1 CEO and 1 CTO)
Here's David's Pwnie Award: http://pwnie-awards.org/2007/winners.html#overhypedbug
I'm sure there's a lot more to the story, but let's not assume we're dealing with someone who would normally know better. As a security consultant, his best skill is being an alarmist. So this story was right up his ally, and another chance to be in the news.
-
Pwnie award nominee
This vulnerability has pwnie award written all over it.
I would like to nominate it for the most epic fail category.
http://pwnie-awards.org/2008/ -
Up for Pwnie award : Lamest vendor response
An AC posted it above, but he was lame enough to quote the vendor's response without commentary!
http://pwnie-awards.org/2008/awards.html#lamestvendor
The response from Transport of London to the news of successful cloning of Oyster cards includes this priceless comment:
This was not a hack of the Oyster system. It was a single instance of a card being manipulated.
-
The newly-created 10th pwnie award goes to:
http://pwnie-awards.org/ The
/. effect wins the day once again.