The Pwnies 2011 security award winners announced
The winners of the 2011 Pwnie Awards have been announced at a ceremony during the Black Hat security conference in Las Vegas. The Pwnie awards are regarded as the Oscars of the security community, recognising both the best and the worst in the field of information security.
The 2011 award for the Best Server-Side Bug was presented to Juliano Rizzo and Thai Duong for finding an ASP.NET vulnerability, while the Pwnie for Best Client-Side Bug went to Comex for exploiting a FreeType vulnerability in iOS which was used by thousands to jailbreak their Apple devices. The Best Privilege Escalation Bug of 2011 was given to Tarjei Mandt for the more than 40 holes that he discovered in the Windows kernel.
The Most Innovative Research award was presented to Piotr Bania for a paper entitled "Securing the Kernel via Static Binary Rewriting and Program Shepherding" and the Lamest Vendor Response went to RSA for its handling of the SecurID token compromise. The winner of the 2011 Pwnie for Lifetime Achievement is pipacs/PaX Team "for creating PaX, giving birth to ASLR, impacting all modern operating systems, and, last but not least, for patching an mp3 player and a tetris clone into softIce."
The Pwnie for Epic 0wnage went to the Stuxnet worm, which focused its attacks on industrial control systems that run specialised SCADA software. As previously noted, the winner for the Most Epic FAIL category is Sony; all 5 of the nominees were Sony. The Pwnie for Best Song written by a hacker went to George Hotz, aka 'geohot', for "The Light It Up Contest" – a video of geohot singing the song is available on YouTube.
Winners were selected by a jury of prestigious security experts, including Mark Dowd, Dino Dai Zovi, HD Moore, Ralf-Philipp Weinmann, Alex Sotirov and Germany's Thomas Dullien aka Halvar Flake. Additional details on the winners is available on the Pwnies web site.