Sony, GeoHot Earn Black Hat Pwnie Awards

Black Hat conference attendees roared and wept as the winners of the Pwnie Awards were announced last night in Las Vegas. Quite a few of the awards went to researchers for amazing discoveries that only their peers truly understand.

Representatives from Norman, a major Norwegian security company, cheered as their researcher Tarjei Mandt took the prize for Best Privilege Escalation Bug. Mandt discovered more than 40 vulnerabilities in the Windows kernel using his own unique exploitation techniques.

The winner of the Pwnie for lifetime achievement goes by the name pipacs. Referring to Microsoft's just-announced Blue Hat Prize, Emcee Dino Dai Zovi noted "In an environment where Microsoft awards $200,000 for mitigation ideas that they can then patent and monopolize, [pipacs] has freely shared his ideas out of intellectual openness, but also out of a rather endearing mixture of humility and incredulity at the general retardedness of others."

It's no surprise that Sony won the Pwnie for Most Epic Fail, given that all five nominees were Sony. Apparently nobody from Sony attended the event; at least, nobody stepped up to claim the prize. Geohot, the hacker who revealed vulnerabilities in the PS3's security, won the Pwnie for Best Song.

Last, and certainly not least, came the Pwnie for Epic 0wnage. Nominated were Anonymous , Bradley Manning and Wikileaks, LulzSec and the Stuxnet worm. I predicted that although Stuxnet deserved the award, LulzSec would win. I was wrong; Stuxnet took the prize. Full details of the winners and "winners" can be found here.

About Our Expert

Neil J. Rubenking

Principal Writer, Security

My Experience

When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.

Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my "User to User" and "Ask Neil" columns, which began in 1990 and ran for almost 20 years. Along the way, I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.

In the early 2000s, I turned my focus to security and the growing antivirus industry. After years of working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.

The Technology I Use

Much of the testing I do, particularly testing with real-world ransomware, is just plain dangerous. To perform such tests safely, I sequester them inside virtual machines managed by VMWare Workstation. For cross-platform testing, I use a MacBook Air, a Google Pixel 4, and a 6th-generation iPad.

I rely on my Delphi coding skills to create and maintain small applications. These include programs to check whether an antivirus correctly handled the malware it detected, launch dangerous URLs and record the security program’s reaction, and analyze the malware that I collect for use in testing. I also wrote a tiny browser and text editor for use in testing security apps that have predefined reactions for known products.

I do my writing and research on a Dell OptiPlex desktop, relying on Microsoft Word (my fingers know all the shortcuts). Many of my articles include charts and analysis; Excel is my go-to for those. When work hours end, though, I escape the bounds of Microsoft and Windows. There’s an iPhone in my pocket, I relax with my oversized iPad, and my Kindle Oasis is always loaded with the best science fiction and fantasy.

Read the latest from Neil J. Rubenking

Read full bio