LAS VEGAS —The death of famed hacker Barnaby Jack last week cast a pall over the Black Hat 2013 security conference here, and nowhere was that felt more than at the annual Pwnie Awards presentation Wednesday (July 31).
"I think everyone on this [judging] panel could definitely call this guy a friend," awards judge Chris Valasek said, referring to Jack. "Me personally, I loved the man. He never didn't put a smile on my face. Always had a blast."
The rowdy, funny Pwnie Awards are to information security what the Razzie Awards to movies — a way to celebrate the lows, as well as the highs, of the previous year, with awards such as "Best Client-Side Bug" and "Most Epic Fail." ("Pwned" and "owned" are tech slang for being dominated or defeated.)
Winners walk away with a stylized "My Little Pony" statuette, complete with rainbow mane and, in the newer editions, crystals embedded in the plastic equine's hindquarters.
Some winners never show to collect their statuettes. Such was the case with the "Best Client-Side Bug" Pwnie, awarded to the unknown and probably criminal author of the Adobe Flash Player RegExp Overflow exploit that enabled drive-by download infections of Windows, Macintosh and Linux Web browsers alike.
"What zero-day gets remote code execution with advanced heap manipulation and highly targeted attacks?" joked the Pwnie Awards nomination page in heavy security-speak. "This bug!"
Nor did anyone walk up to the podium to collect the award for "Epic 0wnage," which jointly went to the National Security Agency and NSA leaker Edward Snowden.
"Edward Snowden's leak of NSA secrets was an epic example of the insider threat to information security," stated the Pwnie Awards website, "while his revelations convinced many that the entire Internet is thoroughly and epicly owned!"
NSA Director Gen. Keith Alexander had delivered the opening keynote address at Black Hat that morning to a somewhat hostile audience. Meanwhile, Snowden was being granted permission to leave the international transit lounge of Moscow's Sheremetyevo International Airport and enter Russia.
Another noteworthy Pwnie Awards was for "Best Privilege Escalation Bug," which went to iPhone hacker David Wang and the rest of the "evad3rs" team for the "Evasi0n" jailbreak of iOS 6.
"Most Epic Fail" went to the Polish print and online magazine Hackin9 for accepting and publishing a hoax paper consisting entirely of meaningless technical jargon, part of which can still be found online.
The Pwnie judges also handed out an award for "Best Song," which went to the nerdcore duo DualCore for their raucous "All the Things."
As he accepted the award, Dual Core frontman "Int Eighty" deflected audience requests for a freestyle rap.
"I'd like to forgo a freestyle on this," Int Eighty said, "and dedicate this Pwnie to a hacker that I know that embraced the hyperbole of the hook, 'drink all the booze, hack all the things,' and I dedicate this to Barnaby Jack."
Valasek, who had worked at Seattle-based ioActive with Jack and is himself best known for his recent hack of a Toyota Prius, took the stage to award the Lifetime Achievement Pwnie.
"I think a lot of people in this room remember him as the guy who hacked ATMs or pacemakers, and I think some of the older people in this room remember him as the dark spirit writing Win32 buffer overflows," Valasek said. "When he walked into the bar, everyone wanted to be around him. Girls wanted to be around him, guys wanted to be him.
"He was just a charming person and a good dude, and think we're all gonna miss him. I know I will for sure," Valasek said. "Being in Vegas definitely isn't the same without the man. The Pwnie for Lifetime Achievement goes to Barnaby Jack."