Click Me

The UW CSE Band

The UW CSE Band has the unique distinction of being the first Best Song nominee that is sung (not rapped) by someone who can actually sing on key. This song, a cover of The Cranberries’ “Zombie”, gives us flashbacks to the mid-90s when server-side remotes and raver pants were plentiful.

Control

Dual Core

Written for the Social Engineering Podcast, this song satisfies your corporate social engineering training requirement, and you get CISSP points just by listening to it. Just tell your boss that we said so.

The Anti-Virus Industry

Anti-Virus Industry

Do you really need us to elaborate?

Herpesnet

Frk7

Even botmasters have trouble adhering to sound information security practices like choosing strong passwords, auditing their PHP code for vulnerabilities, and limiting the amount of their personal information that is available online. The malware.lu crew took advantage of fails in all of these to track down and dox the botmaster behind the Herpes botnet. If you find that one of your machines is infected with Herpes, ask your doctor what malware.lu can do for you.

F5 Static Root SSH Key

F5 Networks

Including an SSH authentication public key for root on all F5 devices is nice; putting the private key for it in the firmware, where it can be found and then used against any other F5 device, is even better. For FAIL, press F5.


“Flame” Windows Update MD5 Collision Attack

Flame Authors

Any attack that requires a breakthrough in cryptography to pull off is pretty cool in our book. And being able to pwn any Windows machine through Windows Update is pretty mass 0wnage.

Certificate Authorities

Everyone

It turns out that Certificate Authorities themselves are one massive security vulnerability. How many more CAs need to get popped before we as an industry realize that allowing Bob’s Bait, Tackle, and Certificates to issue wildcard certificates is a bad idea?

iOS Jailbreaks

iPhone Dev Team and Chronic Dev Team

We love the jailbreakers and you should too. They publicly drop all of their exploits as 0day, convince millions of users to disable the security features on their own devices, and then keep those devices vulnerable to the released exploits until new exploits can be developed and released in the patched versions of iOS.