JAPANESE ELECTRONICS GIANT Sony won the 'Most Epic FAIL' Pwnie award at the Black Hat USA security conference on Wednesday after multiple security breaches this year.
The news comes as no surprise, as Sony was the sole nominee in that category - and it was a no-brainer really.
Sony was slated for its response to hackers publishing the PS3 ECDSA key. "Apparently unfamiliar with how the internet works and how difficult it is to remove the piss from a swimming pool, Sony proceeded to try to erase the information from the internet and sue GeoHot et al. into oblivion. Needless to say, this was about as successful as the MiniDisc," the Pwnie organisers wrote.
Of course, as everyone knows, the legal crackdown transformed Sony into public enemy number one for hackers everywhere, a position no one would ever want to be in. The compromises of the Sony PlayStation Network (PSN), the Sony Online Entertainment (SOE) network and other Sony web properties that followed made the company a worthy candidate for the Most Epic FAIL Pwnie.
The judging panel, made up of renowned security researchers HD Moore, Mark Dowd, Halvar Flake, Dave Goldsmith, Dave Aitel, Dino Dai Zovi, Alexander Sotirov, and Ralf-Philipp Weinmann, selected the hardware manufacturer for five separate security failures.
The Pwnies are awarded every year for nine categories of security achievements: best server-side bug, best client-side bug, best privilege escalation bug, most innovative research, lamest vendor response, best song, most epic fail, epic 0wnage and lifetime achievement.
Another win that we anticipated was in the lamest vendor response category, where RSA Security took home the prize. "They got hacked, their SecurID tokens were totally compromised, and they basically passed it off as a non-event and advised customers that replacing the tokens is not necessary ... until Lockheed-Martin got attacked because of them," the judges explained.
The most contested Pwnie award was probably the Epic 0wnage one. The infamous Stuxnet industrial sabotage worm battled Anonymous, LulzSec and alleged WikiLeaks source Bradley Manning to come out on top.
The Pwnie for Best Server-Side Bug went to Juliano Rizzo and Thai Duong for their ASP.NET framework padding oracle attack, while the Best Client-Side Bug Pwnie was awarded to iPhone hacker Comex for discovering the FreeType vulnerability in iOS used by JailbreakMe.
Researcher Tarjei Mandt, who found multiple user-mode callback vulnerabilities in the Windows kernel, took home the Pwnie for Best Privilege Escalation Bug, and Piotr Bania's work with kernel security techniques made him worthy of the Most Innovative Research award.
Finally, the Lifetime Achievement Pwnie was awarded to the PaX Team, whose PaX Linux kernel patch and address space layout randomization (ASLR) mechanisms changed the entire defensive security field. The main coder behind PaX is an anonymous developer.
"In an environment where Microsoft awards 200k USD for mitigation ideas that they can then patent and monopolize, he has freely shared his ideas - out of intellectual openness, but also out of a rather endearing mixture of humility and incredulity at the general retardedness of others," the Pwnie judging panel noted. µ