Saturday, August 1, 2009

2009 Pwnie Awards

The winners of the 2009 Pwnie Awards are out, with a few surprise winners:

Lamest Vendor Response: The Linux kernel development team, for treating kernel memory-corruption bugs as mere denial-of-service issues. As the award tartly points out, just because the reporter can't get better than a Denial-of-Service out of a bug doesn't mean that someone with better skillz can't turn it into a root shell. You can almost hear the sighs of relief from Redmond.

Mass Pwnage: Red Hat had its build infrastructure compromised, and the intruder signed backdoored OpenSSH packages with Red Hat's own package-signing key. Nobody really knows how many systems are pwned, and there doesn't seem to be a good way to find out. K3wL!

Most Overhyped Bug: This was for the vulnerability exploited by the Conficker worm (the MS08-067 Server service bug) or, as the Pwnie judges termed it, the "InfoSec Press Full Employment Act of 2009". Heh.

And the coveted Most Epic Fail Pwnie goes to Twitter:
But this year Twitter learned the hard way that when your entire security rests in the cloud, it only takes one unused Hotmail account and a bored teenager to get your entire business plan, all your employees' personal information, and administrative access to your 55 million dollar web application. According to Twitter's top secret internal documents (now published on Techcrunch) "Are we building a new Internet?!?" Well if they are, it's one that needs more security.
Double Heh. Could use some more cowbell, too, but maybe that's just me.