nion's blog

Finally the pwnie award nominations are out, a bit late though.

Of course we also got our nomination for the infamous openssl issue in the Most Epic FAIL category as well as one nomination for Luciano for the discovery of this in the Mass0wnage section :/

I nominated Wonderware (I wrote about that before) in the Lamest vendor response category, looks like it has been accepted.

wordpress also got its place in the Mass0wnage category:

An unbelievable number of WordPress vulnerabilities (CVE-2008-*)

Discovered by: everybody who cared to look

It seems like hardly a week goes by without a new vulnerability in WordPress or one of its many plugins. Many of them are actively being exploited to own popular WordPress blogs and use them to serve spam or client-side exploits to unsuspecting visitors. The popularity of WordPress combined with the abysmal security practices of WordPress plugin developers places the entire Internet at risk and is worty of a nomination.

138 reported vulnerabilities since 2004 referring to MITRE, shocking!