nion's blog

Yay the nominations for this year's pwnie awards are out. As in the last years this is a collection of security incidents, lifetime achievements of security researchers and the security community in general which will have the chance to win this awesome award.
The categories this year are:

• Pwnie for Best Server-Side Bug


• Pwnie for Best Client-Side Bug


• Pwnie for Mass 0wnage


• Pwnie for Most Innovative Research


• Pwnie for Lamest Vendor Response


• Pwnie for Most Overhyped Bug


• Pwnie for Best Song


• Pwnie for Most Epic FAIL (new for 2008)


• Pwnie for Lifetime Achievement (new for 2008)

I'm looking forward to the winner announcements which will be announced on July 29th at the blackhat conference.

Finally the pwnie award nominations are out, a bit late though.

Of course we also got our nomination for the infamous openssl issue in the Most Epic FAIL category as well as one nomination for Luciano for the discovery of this in the Mass0wnage section :/

I nominated Wonderware (I wrote about that before) in the Lamest vendor response category, looks like it has been accepted.

wordpress also got its place in the Mass0wnage category:

An unbelievable number of WordPress vulnerabilities (CVE-2008-*)

Discovered by: everybody who cared to look

It seems like hardly a week goes by without a new vulnerability in WordPress or one of its many plugins. Many of them are actively being exploited to own popular WordPress blogs and use them to serve spam or client-side exploits to unsuspecting visitors. The popularity of WordPress combined with the abysmal security practices of WordPress plugin developers places the entire Internet at risk and is worty of a nomination.

138 reported vulnerabilities since 2004 referring to MITRE, shocking!

The Darwin awards for 2007 are out. A price for those who improve our gene pool by removing themselves from it.

And the winner by votes is:

Coitus Interruptus:
"What goes up must come down."

(20 June 2007, South Carolina) A passing cabbie found a 21 year-old couple Znaked and injured in the road an hour before sunrise. The two people died at the nearest hospital without regaining consciousness. Authorities were at a loss to explain what had happened. There were no witnesses, no trace of clothing, and no wrecked cars or motorcycles.

Investigators eventually found a clue high on the roof of a nearby building: two sets of neatly folded clothes. Safe sex takes on a whole new meaning when you are perched on the edge of a pyramid-shaped metal roof. "It appears as if [they] accidentally fell off the roof," Sgt. Florence McCants said.


This is a true Darwin Award trifecta: TWO people die, WHILE in the act of procreation, due to an ASTONISHINGLY poor decision. Bottom line: If you put yourself in a precarious "position" at the edge of a pointy roof, you may well find yourself coming and going at the same time.

Ironically, one of the deceased was named "Tumbleston."
(Some reports list the name as "Tubleston.")