‘web browser’, but don't forget about all the media player integer overflows!
Chrome to win Google's Pwnium competition at CanSecWest.
Pwnie for Most Epic FAIL
Sometimes giving 110% just makes your FAIL that much more epic. And what use would the Internet be if it wasn't there to document this FAIL for all time?
This award is to honor a person or company's spectacularly epic FAIL. And the nominees are:
F5 Static Root SSH Key
F5 Networks
Including an SSH authentication public key for root on all F5 devices is nice; putting the private key for it in the firmware, where it can be found and then used against any other F5 device, is even better. For FAIL, press F5.
"Flame" Windows Update MD5 Collision Attack
Flame Authors
Any attack that requires a breakthrough in cryptography to pull off is pretty cool in our book. And being able to pwn any Windows machine through Windows Update is pretty mass 0wnage.
Pwnie for Best Privilege Escalation Bug
MS11-098: Windows Kernel Exception Handler Vulnerability (CVE-2011-2018)
Credit: Mateusz "j00ru" Jurczyk
j00ru owned Windows. All of them. Ok, well just all of the 32-bit versions of Windows from NT through the Windows 8 Developer Preview. What have you done lately? And to top it off, he wrote a clear paper on it with some of the nicest boxy diagrams we have ever seen in a LaTeX paper.
"Are we there yet?" MySQL Authentication Bypass (CVE-2012-2122)
On vulnerable versions of MySQL, simply asking to authenticate enough times is enough to bypass authentication: "Can I log in as root now?"
"How about now?"
"Now?"
For actual details, check out Pwnie Judge extraordinaire HD Moore's blog post.
Since the authentication protocol generates a different hash each time this comparison is done, there is a 1 in 256 chance that ANY password would be accepted for authentication.
In short, if you try to authenticate to a MySQL server affected by this flaw, there is a chance it will accept your password even if the wrong one was supplied. The following one-liner in bash will provide access to an affected MySQL server as the root user account, without actually knowing the password.
$ for i in
; do mysql -u root --password=bad -h 127.0.0.1 2>/dev/null; done
q
mysql>
If you'd like to give this a try yourself, download Metasploit now for free.
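Where the "1 in 256" figure comes from, as an added example that is not code from MySQL or from the blog post quoted above: the flaw was that the int result of the token comparison (memcmp) was narrowed to a single byte before being tested. The function names and the 65536-value sweep below are hypothetical, chosen only to show the truncation next to a hardened form.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_LEN 20 /* SHA-1 sized token; constant name is an assumption */

/* Vulnerable shape: the int from memcmp() is narrowed to one byte.
 * A non-zero result whose low 8 bits are zero becomes 0, i.e. "match". */
static char mismatch_truncated(int cmp_result) {
    return (char)cmp_result;
}

/* Hardened shape: reduce to a boolean before any narrowing happens. */
static char mismatch_fixed(int cmp_result) {
    return cmp_result != 0;
}

/* Hardened token check built on the fixed helper. */
static int tokens_differ(const unsigned char *a, const unsigned char *b) {
    return mismatch_fixed(memcmp(a, b, TOKEN_LEN));
}

/* Count non-zero comparison results in [1, limit] that a given
 * helper wrongly reports as "no mismatch". */
static int false_accepts(char (*mismatch)(int), int limit) {
    int accepted = 0;
    for (int r = 1; r <= limit; r++)
        if (mismatch(r) == 0)
            accepted++;
    return accepted;
}

int main(void) {
    /* Constructed sample tokens that differ in the first byte. */
    unsigned char expected[TOKEN_LEN] = {0x01};
    unsigned char supplied[TOKEN_LEN] = {0x02};
    int limit = 65536;

    printf("truncated: %d of %d wrong results accepted\n",
           false_accepts(mismatch_truncated, limit), limit);
    printf("fixed:     %d of %d wrong results accepted\n",
           false_accepts(mismatch_fixed, limit), limit);
    printf("tokens_differ on sample tokens: %d\n",
           tokens_differ(expected, supplied));
    return 0;
}
```

A build is only exposed when its memcmp() can return values outside the range of a single byte; a byte-difference implementation never yields a non-zero result that truncates to zero.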