2014 Pwnie Award Nominees

Best Client-Side Bug

Google Chrome Arbitrary Memory Read Write Vulnerability (CVE-2014-1705)

Goto Fail (CVE-2014-1266)

Heartbleed (CVE-2014-0160)

Best Privilege Escalation Bug

AFD.sys Dangling Pointer Vulnerability (CVE-2014-1767)

Linux Futex Bug (CVE-2014-3153)

Pangu iOS 7.1 Jailbreak

Pwn4Fun Safari vulnerability (CVE-2014-1300)

VirtualBox VM Breakout using 3D Acceleration (CVE-2014-0981)

evasi0n iOS 7.0 jailbreak

Best Server-Side Bug

Abusing JSONP with Rosetta Flash (CVE-2014-4671)

Embedded Device Hacking

Heartbleed (CVE-2014-0160)

IPMI: Sold Down the River

Best Song

“Expect Us (We Are Anonymous)”

“I’m a C I Double S P”

“Memory Corruption”

“Security Kate”

“The SSL Smiley Song”

Epic 0wnage

Heartbleed (CVE-2014-0160)

Inputs.io

Mt. Gox

Target Breach

Lamest Vendor Response

AVG Remote Administration Insecure “By Design”

Faulty Ignition Switch

Fired, I?

OpenCart PHP Object Injection Vulnerability

Most Epic Fail

Goto Fail

Heartbleed

ISC2 Optional Membership Fee

Target Breach

Most Innovative Research

Bypassing Windows 8.1 Mitigations using Unsafe COM Objects

Hacking Blind

Hardware-assisted Memory Corruptions

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

Windows 8 UEFI Secure Boot Bypasses