The Pwnie Awards are an annual event at the Black Hat security conference in Las Vegas. They award the Golden Pwnie in a variety of categories: mass 0wnage, most innovative research, most overhyped bug, most epic FAIL, and our favorite: Best Song. Embedded above is [Paco Hope]‘s 50 Ways to Inject Your SQL. While a strong entry, it doesn’t touch last year’s winner Kaspersky & Me: “Packin’ The K!”.
The first night of Black Hat briefings concluded with the Pwnie Award Ceremony. The awards reward achievements in security… but mostly failures. Notably, this was the first year anyone accepted an award in person. Hack a Day took home an early victory by producing a MacBook mini-DVI to VGA adapter (pictured above). The ceremony was fairly straight forward after that. Best Server-Side Bug went to the Windows IGMP kernel vulnerability. It was a remote kernel code execution exploit in the default Windows firewall. The Best Client-Side Bug went to Multiple URL protocol handling flaws like this URI exploit. Mass 0wnage went to WordPress for many many vulnerabilities. Most Innovative Research went to the Cold Boot Attack team. Lamest Vendor Response was won by McAfee for saying XSS can’t be used to hack a server. The Most Overhyped Bug went to [Dan Kaminsky] for his DNS vulnerability. Most Epic FAIL was won by the team behind Debian for shipping the OpenSSL bug for two solid years. Lifetime Achievement Award was won by [Tim Newsham]. Finally, the Best Song was by Kaspersky Labs for Packin’ The K!, which you can find embedded below.
Nominations for the 2008 Pwnie Awards have opened. The annual event, in its second year, is accepting nominations in nine categories ranging from Mass 0wnage to Best Song. The awards will be presented at the Black Hat in Las Vegas in August. Linux.com covered last year’s awards ceremony.