Pwnie Awards 2017

2020 Nomination for Most Epic FAIL


Microsoft’s implementation of elliptic curve signatures allowed attackers to generate private pairs for the public keys of any legitimate signer. This enabled spoofing of any HTTPS website or signed binary on affected versions of Windows. We wish Microsoft was as lenient when choosing the time of updates, as it was for choosing generator points!