Linux, Twitter, and Red Hat "Win" Big At Pwnie Awards
hugmeplz writes "The third annual Pwnie Awards took place last night at Black Hat in Las Vegas, and a full list of the winners has been posted. 'Most Epic Fail' honors went to the notorious Twitter/Google Apps hack from earlier this month that raised all sorts of questions about cloud computing security. Red Hat got skewered with the 'Mass 0wnage' award, also known as the 'Pwnie for Breaking the Internet,' for issuing a version of OpenSSH that left a backdoor open to hackers. The Linux development team earned 'Lamest Vendor Response' recognition for 'continually assuming that all kernel memory corruption bugs are only Denial-of-Service.' Naturally, Microsoft didn't slip past judges' eyes. Its vulnerability that enabled the Conficker worm to do its thing earned honors as the 'Most Overhyped Bug.' On the more positive side, the Pwnie Awards recognized security pros Wei Yongjun, sgrakkyu, Sebastian Kramer and Bernhard Mueller for accomplishments such as discovering bugs and demonstrating exploits. The Pwnie for Best Song went to Doctor Braid for his song Nice Report. Solar Designer snagged the Lifetime Achievement Award, for among other things, being the first to demonstrate heap buffer overflow exploitation, according to the Pwnie Awards Web site."
I read through to find out what had happened with Red Hat. I was surprised to see they were referencing the incident last year where some binaries were signed by an intruder, and went on to say that there was "little public information available" on the incident. However, I know Red Hat made several press releases, culminating with a full timeline of the events. In fact, I seem to remember the problem having been due to someone's lax handling of their own secrets (keys/password) as opposed to an actual hack.
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Its vulnerability that enabled the Conficker worm to do its thing earned honors as the 'Most Overhyped Bug.'
Cornflicker was a non-event for those who had installed the patch months before the worm began to do its thing.
"their way"... "like they're"... long week
Well that didn't stop this guy.
http://seclists.org/fulldisclosure/2009/Jul/0505.html
Bonus points for using the non-word 'cuz' and the easily-avoided error 'their' in your post complaining about the poor English of others.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Despite popular opinion, wisdom and maturity do not necessarily come with age, and it certainly hasn't in your case. You don't have the slightest fucking clue about the security industry, and the only things you have backing you up are ad hominems and an impressive amount of childishness for someone who likes to brag about their age. Being older doesn't make you any more right; it just makes you older and still wrong.
Think about it. These are BLACKHAT awards. (...)
Registration for Black Hat costs around $1500, and one of their major sponsors is Microsoft.
Draw your own conclusions.