Slashdot Mirror

← Back to Stories (view on slashdot.org)

Linux, Twitter, and Red Hat "Win" Big At Pwnie Awards

Posted by Soulskill on from the i'd-like-to-thank-the-academy dept.

hugmeplz writes "The third annual Pwnie Awards took place last night at Black Hat in Las Vegas, and a full list of the winners has been posted. 'Most Epic Fail' honors went to the notorious Twitter/Google Apps hack from earlier this month that raised all sorts of questions about cloud computing security. Red Hat got skewered with the 'Mass 0wnage' award, also known as the 'Pwnie for Breaking the Internet,' for issuing a version of OpenSSH that left a backdoor open to hackers. The Linux development team earned 'Lamest Vendor Response' recognition for 'continually assuming that all kernel memory corruption bugs are only Denial-of-Service.' Naturally, Microsoft didn't slip past judges' eyes. Its vulnerability that enabled the Conficker worm to do its thing earned honors as the 'Most Overhyped Bug.' On the more positive side, the Pwnie Awards recognized security pros Wei Yongjun, sgrakkyu, Sebastian Kramer and Bernhard Mueller for accomplishments such as discovering bugs and demonstrating exploits. The Pwnie for Best Song went to Doctor Braid for his song Nice Report. Solar Designer snagged the Lifetime Achievement Award, for among other things, being the first to demonstrate heap buffer overflow exploitation, according to the Pwnie Awards Web site."

6 of 63 comments (clear)

  1. 'breaking the internet' by JonJ · · Score: 2, Insightful

    Has there been a mass breakout of rooted RHEL machines?

    --
    -- Linux user #369862
  2. "Epic Fail?" "Ownage?" by RobotRunAmok · · Score: 5, Insightful

    Help me out with this one: Do they go out of there way to sound like their fourteen years old cuz it's some kind tradition/secret handshake thing, or don't they realize how juvenile and goofy they sound?

  3. Missing award... by gmuslera · · Score: 5, Insightful

    to the ones that hacked their web page and put that fake list of awards.

    Come on, "experts" that calls Linux a "vendor"? That called "overhyped" the bug that enabled Conflicker to do the biggest massive infection of PCs since 2003? Their link to the "backdoored redhat openssh" (that was already discussed here that wasnt) actually links to an advisory about a Windows remote rpc vulnerability.

    Of course, the alternative is that their page is how it was meant to be, and in that case Hanlon would have the real explanation of what happened.

  4. pwnies? by timmarhy · · Score: 1, Insightful

    the stupid name given to this event means they need to give themselfs their own fail award..

    --
    If you mod me down, I will become more powerful than you can imagine....
  5. Actually, if your read .... by dbcad7 · · Score: 3, Insightful

    What I noticed in the nominations.. is that these were supposed to be award to PEOPLE who discovered the vulnerabilities.. how this has turned into something like Red Hat receiving a "your bad" award, instead of "anonymous discoverer" being recognized for a "good job at finding the baddie".. I just don't know... I guess it's more fun to point out flaws.. So I will point out a flaw in the submitter of the article, for their comprehension skills.

    --
    waiting for ad.doubleclick.net
  6. Re:"Epic Fail?" "Ownage?" by metrix007 · · Score: 3, Insightful

    Don't be foolish. The world is not so simple, black and white as compared to the colours of imaginary hats. In the world we live in, there may be many justified reasons for breaking into a computer. Script kiddies don't just idolise blackhats, anyone interested in security research does, for coming up with the frequently ingenuous attacks they devise. Judging them for their actions is another issue altogether.

    --
    If you ignore ACs because they are anonymous - you're an idiot.