Winners of Pwnie Awards 2011
Pwnie for Best Server-Side Bug
Awarded to the person who discovered or exploited the most technically sophisticated and interesting server-side bug. This includes any software that is accessible remotely without using user interaction.
Pwnie for Best Client-Side Bug
Awarded to the person who discovered or exploited the most technically sophisticated and interesting client-side bug. These days, ‘client’ is pretty much synonymous with ‘web browser’, but don't forget about all the media player integer overflows!
FreeType vulnerability in iOS (CVE-2011-0226)
Comex exploited a vulnerability in the interpreter for Type 1 font programs in the FreeType library used by MobileSafari. This exploit is a great example of programming a weird machine to exploit a modern system. Comex used his control over the interpreter to construct a highly sophisticated ROP payload at runtime and bypass the ASLR protection in iOS. Furthermore, the ROP payload exploited a kernel vulnerability to execute code in the kernel and disable code-signing. The exploit was hosted on jailbreakme.com and was successfully used by thousands of people to jailbreak their iOS devices.
Pwnie for Best Privilege Escalation Bug
Awarded to the person who discovered or exploited the most technically sophisticated and interesting privilege escalation vulnerability. As more defense-in-depth systems like Mandatory Access Control and Virtualization are deployed, privilege escalation vulnerabilities are becoming more important. These vulnerabilities can include local operating system privilege escalations, operating system sandbox escapes, and virtual machine guest breakout vulnerabilities.
Pwnie for Most Innovative Research
Awarded to the person who published the most interesting and innovative research in the form of a paper, presentation, tool or even a mailing list post.
Securing the Kernel via Static Binary Rewriting and Program Shepherding
To implement some of the ideas from pax-future.txt is one thing, to implement them through static analysis on Windows, rewriting drivers automagically, and have it all work preserving binary compatibility across a wide range of Windows versions: that's deserving of respect.
Pwnie for Lifetime Achievement
Most hackers have the personality of a supermodel who does discrete mathematics for fun. Like mathematicians, hackers get off on solving very obscure and difficult to even explain problems. Like models, hackers wear a lot of black, think they are more famous than they are, and their career effectively ends at age 30. Either way, upon entering one's fourth decade, it is time to put down the disassembler and consider a relaxing job in management. This award is to honor the previous achievements of those who have moved on to bigger and better things.
The person that we are honoring this year with the lifetime achievement award has, surprisingly, contributed a lot to the defensive side of security. The winner has repeatedly innovated behind the scenes, avoided the conference circus and maintained a high level of personal and intellectual integrity.
His technical work has had an outsize impact on security: His ideas are fundamental to security improvements in all major operating systems in recent years, and his ideas have indirectly shaped most modern memory-corruption attack techniques. No attacker can be taken seriously nowadays that does not deal with defensive inventions pioneered by our winner.
In an environment where Microsoft awards 200k USD for mitigation ideas that they can then patent and monopolize, he has freely shared his ideas - out of intellectual openness, but also out of a rather endearing mixture of humility and incredulity at the general retardedness of others.
Aside from all this, his innovations had a major impact when they were first introduced: For quite a while after their introduction, his work made it difficult to hack other hackers, taking away the hackers favourite pasttime -- infighting -- and making sure that innocent third parties were hacked.
The winner of this years lifetime achievement award is pipacs/PaX Team, for creating PaX, giving birth to ASLR, impacting all modern operating systems, and, last but not least, for patching an mp3 player and a tetris clone into softIce.
Lamest Vendor Response
Awarded to the vendor who mishandled a security vulnerability most spectacularly.
Pwnie for Best Song
What kind of awards ceremony does not have an award for best song? There is strangely enough a long tradition of hacker-written songs and raps (parodies and originals). For your listening pleasure, the winner is:
The Light It Up Contest
I shed a tear everytime I think of Lik Sang
But shit man, they're a corporation
And I'm a personification of freedom for all
You fill dockets, like thats a concept foreign to y'all
While lawyers muddy water and TROs stall
Out of business is jail for me
Pwnie for Most Epic FAIL
Sometimes giving 110% just makes your FAIL that much more epic. And what use would the Internet be if it wasn't there to document this FAIL for all time?
This award is to honor a person or company's spectacularly epic FAIL. And the winner is:
After Fail0verflow and GeoHot published how to jailbreak the PS3, Sony got a bit miffed. Apparently unfamiliar with how the Internet works and how difficult it is to remove the piss from a swimming pool, Sony proceeded to try erase the information from the Internet and sue GeoHot et al. into oblivion. Needless to say, this was about as successful as the MiniDisc.
Speaking of piss in a swimming pool, that just happened to be how well Sony protected their Sony Online Entertainment (SOE) users' account info and roughly 25 to 77 million account details were stolen by unknown hackers. That metaphor makes just about no sense at all, but you get the point: FAIL.
After learning the hard way that their PlayStation Network was about as porous as air, Sony had to shut it down for over two months to rebuild it from scratch. In doing so, they made everyone from your 8-year old cousin to your barber learn about the importance of security. Hooray for us, sorry Sony shareholders.
Noticing a pattern here? But wait, it gets better. Sony might have been able to better repel the multitude of attacks if they hadn't just recently laid off a significant number of their network security team. Great timing, guys.
Pwnie for Epic 0wnage
0wnage, measured in owws, can be delivered in mass quantities to a single organization or distributed across the wider Internet population. The Epic 0wnage award goes to the hackers responsible for delivering the most damaging, widely publicized, or hilarious 0wnage. This award can also be awarded to the researcher responsible for disclosing the vulnerability or exploit that resulted in delivering the most owws across the Internet.
How many centrifuges did your rootkit destroy? How many national nuclear programs did your worm disrupt? How many 0day exploits and rootkits for equipment that no one you has ever heard of have you written? Exactly.