Winners of Pwnie Awards 2007
Pwnie for Best Server-Side Bug
Awarded to the person who discovered the most technically sophisticated or interesting server-side bug. This includes any software that is accessible remotely.
Solaris in.telnetd remote root exploit (CVE-2007-0882)
This mind-blowingly simple vulnerability does not require any special hacking tools or shellcode. It can be exploited with nothing more than a standard telnet client and leads to instant root on Solaris 10 and 11. The best part is that the exact same vulnerability was reported to Bugtraq back in 1994. For more details see the original advisory and detailed analysis of the bug.
Pwnie for Best Client-Side Bug
Awarded to the person who discovered the most technically sophisticated and interesting client bug. In 2007 the term ‘client’ is pretty much synonymous with ‘web browser’, but don't forget about all those QuickTime bugs!
Unhandled exception filter chaining vulnerability (CVE-2006-3648)
This vulnerability allows the exploitation of any unhandled exception in Internet Explorer, including NULL-pointer dereferences. It was described in Exploiting the Otherwise Non-exploitable on Windows, published in Uninformed Vol. 4. Bugs like this happen once in a decade.
Pwnie for Mass 0wnage
Awarded to the person who discovered the bug that resulted in the most widespread exploitation. Also known as the ‘Pwnie for Breaking the Internet.’
WMF SetAbortProc remote code execution (CVE-2005-4560)
The remote code execution vulnerability in the WMF file format was a feature, not a bug. The exploit was discovered in the wild in December of 2005 and led to massive exploitation on the Interweb. This vulnerability deserves an award for its obviousness, ease of exploitation and high impact.
Pwnie for Most Innovative Research
Awarded to the person who published the most interesting and innovative research in the form of a paper, presentation, tool or even a mailing list post.
Temporal Return Addresses
Using timers and tick counters as shellcode opcodes? We'll just have to wait until 2010 to see some awesome exploits. Published in Uninformed Vol. 2.
Pwnie for Lamest Vendor Response
Awarded to the vendor who mishandled a security vulnerability most spectacularly.
OpenBSD IPv6 mbuf kernel buffer overflow (CVE-2007-1365)
The OpenBSD team refused to acknowledge the bug as a security vulnerability and issued a "reliability fix" for it. A week later Core Security had developed proof of concept code that demonstrated remote code execution. Read the full timeline and quotes in the Core advisory.
Pwnie for Most Overhyped Bug
Awarded to the person who discovered a bug resulting in the most hype on the Internets and in the traditional media. Extra points for bugs that turn out to be impossible to exploit in practice.
MacBook Wi-Fi Vulnerabilities
David Maynor demonstrated exploiting a remote vulnerability in a third-party wireless driver for an Apple MacBook in a video shown at BlackHat USA and DefCon 2006 and mentioned that Apple's built-in wireless drivers also had security problems. Two months later, Apple released security updates to the wireless drivers but without crediting Maynor, claiming that he never provided evidence of any vulnerabilities within the Apple-supplied wireless drivers and that the updates were the result of a proactive security audit. Maynor presented at BlackHat DC 2007 in February, showing his e-mails to Apple explaining how to set up an 802.11 fuzzing machine and demonstrating a remote kernel panic triggered over 802.11. In the end, the only public information about Maynor's Wi-Fi vulnerabilities is hype, denial, a media frenzy, and a patch that may or may not have been based on Maynor's findings.
Pwnie for Best Song
What kind of award ceremony does not have an award for best song? Let's see if anybody can beat Derek's Twas the night before Christmas.
We've got your personal firewalls,
security is where we stand tall.
Our brands are known for quality,
guaranteed to help you succeed!
We're the leader in Internet security
People trust our work implicitly
This world wide conference is to prove Symantec's hot hot hot!
So raise the roof.