Talk to anyone who attends Black Hat USA conferences and you'll hear about how boring the talks are, how nobody learned anything new, how the hacks were known last year — not to mention the ridiculous posers. Ask those same attendees if they plan to attend next year, and they say "yeah" as fast as a poker player pushing all in with pocket aces.

[ RogerGrimes's column is now a blog! Get the latest IT security news from the Security Adviser blog. ]

I learned that pushing all in with pocket 5s in Las Vegas apparently isn't nearly as smart, but that's another topic.

While many of this year's Black Hat sessions were ultraboring — I walked out of more talks than I stayed in — I learned all sorts of interesting factoids. And although there wasn't, as in the past, any raw meat flying into the audience, some of the speakers were superknowledgeable and entertaining. Here are the ones that seemed to impress the audiences in the sessions I attended:

Hacking Macs is easy
And my Microsoft, Windows-loving self didn't say this. It was self-proclaimed Mac enthusiast and security researcher, Charles Miller, Ph.D., principal security analyst with Independent Security Evaluators. He talked about how easy it was to hack Leopard and iPhones, which share a common root OS.

Essentially, Dr. Miller said that Apple was falling down on the job and making its OS way too easy to hack. He said he found more than 50 OS X programs that run in the SUID (Set User ID) context, most of which had been made non-SUID by most Unix and Linux distros years ago. He said that OS X doesn't randomize memory, the stack, heap, or kernel instruction pointers, which are simple antibuffer overflow mechanisms deployed in Windows, Linux, BSD, and many other OSes.

He continued by listing dozens of old programs and libraries patched in other OSes that Apple is still installing by default, or just getting around to patching. Dr. Miller showed the crowd two recent JavaScript exploits (one on OS X and the other for the iPhone) and shared all the great reasons why the Mac OS X is an easy platform to exploit. He also shared his techniques for hacking iPhones and discussed several other tools that made finding Apple exploits easier. He was absolutely giddy about some of the new changes Apple is making that will simplify the life of a hacker, er, researcher in the coming months.

Ultimately, Dr. Miller lamented Apple's growing market share as matched against its current state of security design. A member of audience put it this way: "Apple is like this little ole, family-town sheriff who's moved to inner-city D.C. and is attempting to spread the love. It won't be pretty."

Hacking RFID
For my money, Chris Paget, director of R&D for IOActive, provided great entertainment from his RFID hacking demos and gun-shooting videos. Paget and his company developed a low-cost, handheld device for cloning RFID cards. Paget held up several RFID cards, waved them close to his cloning device, and in seconds created a usable copy of the original RFID card. He even placed one of the RFID cards into a protective sleeve that is advertised to keep the RFID card safe from cloning. Within 3 seconds, his device successfully read the information stored on the RFID card. In conclusion, Paget said, "If you use 125KHz proximity cards, your doors are highly insecure!"