The Pwnie
Pwnie is pronounced “pony,” a form of hacker slang where ‘pwn’ means the hacker has penetrated and compromised your computer, meaning that you have been pwned. The winners receive a My Little Pony “statuette” painted gold.
Lamest Vendor Response
To the vendor who mishandled a security vulnerability “most spectacularly,” the Pwnie goes to RSA Security. They basically passed [a massive data breach] off as a non-event and advised customers that replacing their [security] tokens is not necessary … until Lockheed-Martin got attacked because of them.”
Most Epic FAIL
“Giving 110 percent just makes your FAIL that much more epic.” Sony dominated this category, but for different reasons. It was no surprise that Sony won the pwnie, but for all the reasons it was nominated for. Not just one.
Most Innovative Research
The researcher with the most innovative research was Piotr Pania for his work on the Windows kernel using static binary rewriting.
Best Server-Side Bug
For the most “technically sophisticated and interesting server-side bug,” the winners were Juliano Rizzo and Thai Duong for showing that ASP.NET is vulnerable to an attack that can be used to remotely compromise any ASP.NET Web app and launch remote code execution on the server.
Best Client-Side Bug
For the most “technically sophisticated and interesting client-side bug,” which may or may not be issues with the Web browser, the winner was comex, the 19-year old Apple hacker behind the JailbreakMe Website.
Best Song
What kind of awards ceremony does not have an award for best song? With 10 nominees, this was the biggest category. Following the tradition of hacker-written songs and raps, the winning song was Geohot’s rap, The Light It Up Contest.
Best Privilege Escalation Bug
For the most “technically sophisticated and interesting privilege escalation vulnerability,” which may include local operation system escalations, sandbox escapes and virtual machine guest breakouts, the winner was Tarjei Mandt for uncovering more than 40 vulnerabilities in the Windows kernel and developing exploits.
Epic 0wnage
The top award of the night recognizes the hackers responsible for delivering the most damaging, widely publicized or hilarious 0wnage. The winner was Stuxnet. “How many centrifuges did your rootkit destroy?”
Lifetime Achievement Award
This award honors the “previous achievements of those who have moved on to bigger and better things” and was awarded to “pipacs” of the PaX Team, who is credited with creating PaX, a patch for the Linux kernel that implemented least privilege protections for memory pages and Address space layout randomization (ASLR), which is used in all modern operating systems to randomize key data in memory.