Linux, Twitter, and Red Hat "Win" Big At Pwnie Awards

hugmeplz writes "The third annual Pwnie Awards took place last night at Black Hat in Las Vegas, and a full list of the winners has been posted. 'Most Epic Fail' honors went to the notorious Twitter/Google Apps hack from earlier this month that raised all sorts of questions about cloud computing security. Red Hat got skewered with the 'Mass 0wnage' award, also known as the 'Pwnie for Breaking the Internet,' for issuing a version of OpenSSH that left a backdoor open to hackers. The Linux development team earned 'Lamest Vendor Response' recognition for 'continually assuming that all kernel memory corruption bugs are only Denial-of-Service.' Naturally, Microsoft didn't slip past judges' eyes. Its vulnerability that enabled the Conficker worm to do its thing earned honors as the 'Most Overhyped Bug.' On the more positive side, the Pwnie Awards recognized security pros Wei Yongjun, sgrakkyu, Sebastian Kramer and Bernhard Mueller for accomplishments such as discovering bugs and demonstrating exploits. The Pwnie for Best Song went to Doctor Braid for his song Nice Report. Solar Designer snagged the Lifetime Achievement Award, for among other things, being the first to demonstrate heap buffer overflow exploitation, according to the Pwnie Awards Web site."

Re:"Epic Fail?" "Ownage?"

[Runaway1956]

Think about it. These are BLACKHAT awards. Who are blackhats? People who want to break into other people's computers. Who idolizes a blackhat? Script kiddies. Those blackhats who are not felons, are not criminals waiting to be convicted, or criminals waiting to be caught, are just juvenile asses trying to emulate the "bad boys". Face it - these are the guys who really DO live in their mama's basements. Growing up and going off to jail is actually a form of upward mobility for them.

Trolls creep into meatspace

[Tweenk]

What the hell. This looks like a troll event if there ever was one, and MS astroturfing as well.
- Conficker bug 'overhyped'? Millions of PCs are infected, turned into zombies and/or crippled and that's 'overhyped'? The Kaminsky DNS bug would be a better candidate. This is just ridiculous.
- Red Hat successfully recovers from losing a private key (the worst thing that can happen in any public key cryptography system) with little actual damage and they call it 'massive ownage'?
- Kernel memory corruption is exploitable? I'm no kernel guru, but I think this is only possible in some rare cases, like when a dangling pointer will always point to a predictable offset from the return address on the stack, but in general it is not. On top of that it would be hard to develop such a bug into a local root exploit, because after the memory corruption the system will be unstable. This is similar to the null-dereference vulnerability in Mozilla which the reporter described as a stack-based buffer overflow to get extra publicity from people who don't know any better.

Whoever they are they I'm not lending them much credibility.