Pwnie Awards 2007 Winners are here

The Pwnie Awards are an annual award ceremony celebrating the achievements and failures of security researchers and the security community. It is also supposed to be funny. The awards are given out once an year.

Winners are ...

1. Best Server-Side Bug : Awarded to the person who discovered the most technically sophisticated or interesting server side bug. This includes any software that is accessible remotely.

Solaris in.telnetd remote root exploit (CVE-2007-0882)
Discovered by: Kingcope

This mindblowingly simple vulnerability does not require any special hacking tools or shellcode. It can be exploited with nothing more than a standard telnet client and leads to instant root on Solaris 10 and 11. The best part is that the exact same vulnerability was reported to Bugtraq back in 1994. For more details see the original advisory and detailed analysis of the bug.

2. Best Client-Side Bug : Awarded to the person who discovered the most technically sophisticated and interesting client bug. In 2007 the term ‘client’ is pretty much synonymous with ‘web browser’, but don't forget about all those QuickTime bugs!

Unhandled exception filter chaining vulnerability (CVE-2006-3648)
Discovered by: skape & skywing

This vulnerability allows the exploitation of any unhandled exception in Internet Explorer, including NULL-pointer dereferences. It was described in Exploiting the Otherwise Non-exploitable on Windows, published in Uninformed Vol. 4. Bugs like this happen once in a decade.

3. Mass 0wnage : Awarded to the person who discovered the bug that resulted in the most widespread exploitation. Also known as the ‘Pwnie for Breaking the Internet.’

WMF SetAbortProc remote code execution (CVE-2005-4560)
Discovered by: anonymous

The remote code execution vulnerability in the WMF file format was a feature, not a bug. The exploit was discovered in the wild in December of 2005 and led to massive exploitation on the Interweb. This vulnerability deserves an award for its obviousness, ease of exploitation and high impact.

4. Most Innovative Research : Awarded to the person who published the most interesting and innovative research in the form of a paper, presentation, tool or even a mailing list post.

Temporal Return Addresses
skape

Using timers and tick counters as shellcode opcodes? We'll just have to wait until 2010 to see some awesome exploits. Published in Uninformed Vol. 2.

5. Lamest Vendor Response : Awarded to the vendor who mishandled a security vulnerability most spectacularly.

OpenBSD IPv6 mbuf kernel buffer overflow (CVE-2007-1365)
OpenBSD team

The OpenBSD team refused to acknowledge the bug as a security vulnerability and issued a "reliability fix" for it. A week later Core Security had developed proof of concept code that demonstrated remote code execution. Read the full timeline and quotes in the Core advisory.

6. Most Overhyped Bug : Awarded to the person who discovered a bug resulting in the most hype on the Internets and in the traditional media. Extra points for bugs that turn out to be impossible to exploit in practice.

MacBook Wi-Fi Vulnerabilities
Discovered by: David Maynor

David Maynor demonstrated exploiting a remote vulnerability in a third party wireless driver for an Apple Macbook in a video shown at BlackHat USA and DefCon 2006 and mentioned that Apple's built-in wireless drivers also had security problems. Two months later, Apple released security updates to the wireless drivers but without crediting Maynor claiming that he never provided evidence of any vulnerabilities within the Apple-supplied wireless drivers and that the updates were the result of a proactive security audit. Maynor presented at BlackHat DC 2007 in February, showing his e-mails to Apple explaining how to set up an 802.11 fuzzing machine and demonstrating a remote kernel panic triggered over 802.11. In the end, the only public information about Maynor's Wi-Fi vulnerabilities are hype, denial, a media frenzy, and a patch that may or may not have been based on Maynor's findings.

7. Best Song : What kind of award ceremony does not have an award for best song? Let's see if anybody can beat Derek's Twas the night before Christmas.

Symantec Revolution
Symantec

We've got your personal firewalls,
security is where we stand tall.
Our brands are known for quality,
guaranteed to help you succeed!

We're the leader in Internet security
People trust our work implicitly
This world wide conference is to prove Symantec's hot hot hot!
So raise the roof.

Symantec Revolution! We're giving you sweet solutions!

Check Pwnie Award Nominees.

Judges

The Pwnie Award nominations will be judged by a panel of respected security researchers - the closest to a jury of peers a hacker is likely to ever get.

1. Dave G
2. Mark Dowd
3. Dino Dai Zovi
4. HD Moore
5. Dave Aitel
6. Halvar Flake
7. Alexander Sotirov