Fergie's Tech Blog: 2008 Pwnie Award Winners

Friday, August 08, 2008

Best Server-Side Bug: Ryan Smith and Alex Wheeler (Windows IGMP kernel vulnerability discovery)
Best Client-Side Bug: Nate McFeters, Rob Carter, and Billy Rios (Multiple URL protocol handling flaws)
Mass 0wnage: For the mass of Wordpress vulnerabilities found this past year (and anyone who found them)
Most Innovative Research: Cold Boot attacks on disk encryption keys (Princeton researchers)
Lamest Vendor Response: McAfee, for its reaction to the over 60 Websites classified as "Hacker Safe" by its ScanAlert service that were found to be XSS-vulnerable -- including the ScanAlert Website itself.
Most Overhyped Bug: Dan Kaminsky's Unspecified DNS cache poisoning vulnerability.
Best Song: "Packing the K!" Kaspersky Lab
Most Epic FAIL: Debian, for shipping a backdoored OpenSSL library for two years
Lifetime Achievement Award: Tim Newsham

More here.