In association with heise online

23 July 2012, 12:37

Nominations are in for the "Security Oscars"

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Pwnie logo
The Pwnie Awards are intended to be the Oscars of the security community. The show has opened with the nomination of the candidates; the winners will be announced on Wednesday 25 July. Similar to Hollywood, this community also has bright stars who sometimes use dubious methods to try and improve their chances of winning a trophy – but it also has its losers who must endure mockery and ridicule in the run-up to the event.

For its more than embarrassing password disclosures, the LinkedIn business network has been nominated for the "Most Epic Fail" award: "What has 2,500 employees, over 90 million users, no CSO, and hates salt?" The jury also mocks a network supplier who incorporated the private root key for SSH access in firmware that is plainly visible on the net: "For FAIL, press F5". The nomination of the entire anti-virus industry wasn't even deemed to need an explanation. No wonder, considering the fact that AV icon Mikko Hypponen recently admitted that the entire industry has failed.

Oracle is well represented in the area of server-side bugs this time: the potential listener in Oracle clusters that the company had known about for 4 years before accidentally disclosing it is competing against the MySQL authentication bypass bug: "I am root, can I log in?" "No?" "How about now?" "Still No?" "Now?" "Thank you!". Its recently publicised decision not to fix the "Evil Listener" bug also makes Oracle a top contender for the "Lamest Vendor Response" category, but the candidates for this award haven't been announced yet.

Pinkie Pie
Pinkie Pie has a clear advantage
Source: Alex4nder02
Glamour abounds in the client-side bug category, where rock star Charlie Miller is nervously contemplating whether the iOS bug that allowed code to be injected and caused him to be excluded from Apple's developer programme will be worth an award. Experts think that his chances are slim.

The author of the competing Chrome exploit has in his favour the fact that he cunningly linked a total of 6 security holes to hijack Chrome and scoop $60,000 – but there is also another, less technical aspect: how could Charlie ever hope to successfully compete against Pinkie Pie at the Pwnie Awards?


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit