Pwnie Awards 2013 Winners: Barnaby Jack, Edward Snowden, Hakin9, Evad3rs

hypnosec writes "Winners of the Pwnie Awards 2013 were announced at a special event during the Black Hat security conference in Las Vegas. The highlight of the awards were Edward Snowden, Hakin9 and Barnaby Jack. Barnaby Jack was given posthumous Pwnie award for 'lifetime achievement' while Edward Snowden and the NSA were jointly given the award of 'Epic 0wnage'. Hakin9 on the other hand was awarded 'Most Epic FAIL'. Best Privilege Escalation Bug award went to David Wang aka planetbeing and the Evad3rs team."

NMAP didn't get EPIC FAIL!

[Jeremiah Cornelius]

"Hacking9 Magazine" got Epic Fail award, for an article called: "Nmap: The Internet Considered Harmful - DARPA Inference Cheking Kludge Scanning"

It was a spoof paper, written to expose the CRAP editorial policy at Hacking9.

They were PWN3D by a whitepaper...

http://seclists.org/nmap-dev/2012/q3/1050 [seclists.org]

"They clearly chose that title so just so they could refer to it as DICKS throughout the paper. There is even an ASCII penis in the "sample output" section, but apparently none of this raised any flags from Hakin9's "review board"."

Re:

[Xest]

Or an out-of-his-depth middle manager.

Re:

[Yakasha]

Only some kind of random generator could come up with such a load of crap ...

Or an out-of-his-depth middle manager.

Score -1: redundant

Re:

[Connie_Lingus]

holy shit is that funny!

"Further, we removed a 7TB USB key from our highly- available cluster to consider our Xbox network."

i can just imagine the people at "Hacking9 Magazine" now saying..."hey, yeah of course we knew all along it was a joke...hahahah...what you thought we didn't (looks around nervously)?

Re: why was nmap a fail?

[Anonymous Coward]

I was wondering that too. Turns out nmap didn't get the epic fail award:

http://seclists.org/nmap-dev/2012/q3/1050

Fucking hilarious in its own right, but even better considering the purpose of the joke paper was to point out the shortcomings of the journal's review process, and then /. frontpages a misquoted blurb about the paper.

Re:

[gigne]

Indeed. I just finished following the breadcrumbs to this, and the joke paper is amazingly well done.

NMAP didn't get an epic fail. Hackin9 magazine got butt0wned by the nmap guys

Gold:

"NMAP requires root access in order to allow B-trees."

Re:

[Desler]

It wasn't. As others have said the guy who writes the Parity News spam blog is simply an idiot. Slashdot should really stop providing that site with pages hits since it's simply a site that regurgitates other articles and does so poorly.

You morons

[Anonymous Coward]

Nmap didn't get the Pwnie for Most Epic FAIL. The Pwnie was awarded to Hackin9, which accepted and published an autogenerated article called "Nmap: The Internet Considered Harmful - DARPA Inference Cheking Kludge Scanning". Publishing bullshit without reading, questioning or understanding, now where have I seen that before? You fucking morons.

Re:

[K. S. Kyosuke]

I always repent of going to church.

Re:You morons

[Anonymous Coward]

A better way to soothe my anger would be to remove the link to that stupid blog where that moronic statement originated, and to append a correction and an apology towards Nmap.

Re:

[lxs]

Channel that anger towards the filthy heathen you mean? I like the way you're thinking. Can we burn witches an have another crusade as well? Can we?

Re:

[K. S. Kyosuke]

Publishing bullshit without reading, questioning or understanding, now where have I seen that before

I'm quite sure they found the article polished enough for publication.

Re:

[gigne]

pertinent link http://seclists.org/nmap-dev/2012/q3/1050 [seclists.org]

Check out the acronym

[Johnny Loves Linux]

It's in the link above provided by anonymous coward, but just focus on the acronym for the title for the paper: DARPA Inference Cheking Kludge Scanning And you'll see the double down joke played on Hackin9.

Re:

[drolli]

If it was not slashdot, i would consider irony.

Nmap didn't fail, Hakin9 did

[WWWWolf]

Hakin9 is a magazine that's not exactly too reputable [attrition.org].

It looks like someone took a paper "written" using SciGen [mit.edu] and submitted it to them [seclists.org]. Because they didn't read the paper at all, they didn't notice it was absolute bullshit courtesy of finest context-free grammars people could code.

Brilliant work - not only is SciGen great for busting less than reputable scientific publications that don't exactly value this "peer review" thing, but now it has busted security magazines too.

Re: How is "pwnie" pronounced?

[mnemotronic]

O.M.G. $_s !!!

Re:

[JustOK]

ka-ching

Re:

[K. S. Kyosuke]

It looks Welsh, which would make it something like "poonie".

If you didn't rtfa

[MrL0G1C]

Quote:
"Edward Snowden's leak of NSA secrets was an epic example of the insider threat to information security, while his revalations convinced many that the entire Internet is thoroughly and epicly owned!"

Nicely put.

As for Nmaps Most Epic FAIL, anyone understand that?

Re:

[MrL0G1C]

Never mind the nmap bit, 1st-ish post covered it.

Etymology of Pwned and Pwnie

[wjcofkc]

I have been curious for awhile: does the term pwned, and Pwnie award, stem at all from the "OMG Pink Ponies" April first slashdot gag from a few years ago? The Pwnie awards does show a pink pony on their front page. Or does the term predate all that?

Really just curious, hope this isn't too off topic.

Re:

[oodaloop]

The definition in Urban Dictionary [urbandictionary.com] covers it well.

Re:

[cybernanga]

Long, long ago in the murky and misty history of the early internet, a young script kiddie, (most likely with an overinflated ego), tragically mistyped "Owned", probably due to having excessively greasy fingers, as is common with many basement-dwelling connoisseurs of junk-food.

Instead of "Owning" his opponent, he "Pwned" himself!

Word spread rapidly, generating much mirth in the community, and a meme was born.

Really? I thought it was just another leetism.

[Ungrounded Lightning]

Back in the days of netnews, store-and-forward email, private dialup BBSes, and a far lower proportion of script kiddies in cracker circles, there was concern that the government would be able to monitor (or already was monitoring) a larightrge amount of the Internet - netnews, mail, BBSes, etc., - and handle the volume by using keyword-searching software. (Snowden's recent revelations show their concerns were correct - through PERHAPS a bit early.) So some among the computer underground began obfuscating

News Flash: Slashdot actually wins Most Epic FAIL

[Cyfun]

Turns out they took the award from Hackin9 and gave it to Slashdot for their beautifully ironic quality of editing.

Browser pwnage competition?

[nuonguy]

Is this not the conference where they held a bake off to see which browsers and platforms withstood hacking attempts? I can't find any updates on their site about that.

Re:

[Lunix Nutcase]

No. That is Pwn2Own.

Snowden's Award

[godel_56]

They could have made Edward Snowden's award posthumous as well, as his old life is pretty much over.