Nominations for the 2011 security Oscars announced
The Pwnie awards aim to be the Oscars of the security community. The awards are all about the pwning – taking over devices, services and data by exploiting security vulnerabilities. The Black Hat security conference, which is taking place from 30 July to 2 August in Las Vegas, will once more see awards given to some of the more spectacular vulnerabilities and exploits.
Nominations are divided into eight categories. These include traditional categories, such as server- and client-side bugs and the often underestimated privilege escalation bugs. But there will also be Pwnies for the "Lamest Vendor Response" and the "Most Epic FAIL". There are, however, no nominations for the ninth, "lifetime achievement", category.
The list of nominations makes interesting reading. From the ASP.NET vulnerability and the Google Chrome sandbox hack through to the BlackBerry Pwn2Own exploit, many of the nominations have already been reported in The H and should be familiar to regular readers. The juxtaposition of all these vulnerabilities provides a useful overview of the major security events of the last year and of the current state of attack techniques.
The winners will be chosen by a jury of prestigious security experts, including Mark Dowd, Dino Dai Zovi, HD Moore, Ralf-Philipp Weinmann, Alex Sotirov and Germany's Thomas Dullien aka Halvar Flake. The winner in the Most Epic FAIL category is already clear: candidates for the award are Sony, Sony, Sony, Sony and – no surprise here – Sony.