The Black Hat Convention in Las Vegas is a chance for the best good-guy hackers in the world to get together and laugh at the mistakes that they spotted and helped to fix. The annual convention's award show, the Pwnies, ranks the stupidest security holes, corporate reactions and the smartest hacks.
A "Pwnie" is actually a My Little Pony toy with the Black Hat logo painted on the side. It's generally not something that you'd want to win, but the yearly results are always entertaining. Here's how it shook out:
Best server-side bug: Heartbleed was the clear winner among server-side bugs. Its release exposed gaping flaws in many Secure Sockets Layer networks and forced companies to update their security protocols.
Most innovative research: RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis is a hack that allows researchers and information specialists to decrypt files using the sounds produced by a laptop computer. The tool will probably be used in military or espionage circles.
Lamest vendor response: When a vulnerability was discovered in AVG, the company tried to claim that the security hole was there "by design" to shirk the blame. In the future, AVG, I'd suggest that you admit when you're wrong unless you want to get another award from the same people who are paid to figure out how to break your software.
Most Epic 0wnage: Mt. Gox, the largest distributor of bitcoins, received a Pwnie this year. The problem is, the award was doled out to angry users of the cryptocurrency who hacked the website's blog after it was revealed that Mark Karpeles, the company's CEO, may have stolen 100,000 bitcoins for himself.
Stick around for more of my coverage of the Black Hat convention. I'll be revealing the latest security alerts as they are announced by the hackers themselves.