Hackers in the limelight: Scenes from Black Hat 2012

The annual security fest featured thrills and chills as the pros did their best to make everyone feel afraid

Breaking in: Security experts do their best

Government and corporate security professionals descend on Caesars Palace in Las Vegas this week for the annual exchange of information on the latest attacks and suggestions for defenses. In its 15th year, the Black Hat security conference has become an important mecca for the information security community.

As is the conference's tradition, speakers showed off how they could make or prove almost anything insecure, upping the ante for both black hat and white hat hackers with their exploits. Some offered encouragement that the good guys could even win.

Henry: Private sector must strike back on network defense

Private-sector defenses are failing, and defenders need to gather intelligence and be more proactive, former FBI Executive Assistant Director Shawn Henry told attendees during the opening keynote. "I'm not talking about hacking back," said Henry, who now heads up the services subsidiary of security startup CrowdStrike. "We can be proactive on the network and make it difficult for the attacker."

Moss: I fear Google more than I fear the government

A panel of five security experts debated the balance of security and privacy: from left to right, Black Hat founder and ICANN chief security officer Jeff Moss, Adam Shostack of Microsoft, Jennifer Granick of Stanford Law School, Bruce Schneier of BT, and Marcus Ranum of Tenable Security. "I fear Google more than I fear the government," Moss said.

Alonso's poisoned JavaScript exploit makes hackers happy

Spanish security researcher Chema Alonso created a proxy server that poisoned JavaScript files that flowed through the server and eavesdropped on user communications. Just by posting on a list of proxy servers, Alonso compromised the communications of some 4,000 machines, discovering that phishers, spammers, and other fraudsters had quickly started using the system.

Stephenson: Could online game wars turn into real ones?

Writer Neal Stephenson -- best known for "Snow Crash" and "Neuromance" -- talked about technology and his latest book, "Reamde." The book takes place in the near future when conflicts in an online game spill over into the real world.

Apple: Hey, iOS is secure, and here's why

Apple surprised the security community by publishing a security white paper in May and sending a speaker to talk about the security architecture of the iOS mobile operating system. Apple has used pervasive sandboxing, reduced privileges, and implemented a great deal of code signing and data encryption to protect its platform, says Dallas De Atley, manager of the platform security team at Apple.

Flynn: Sorry, but intrusion detection doesn't work

Intrusion detection systems have largely failed the companies that use them, Facebook security engineer John "Four" Flynn told reporters during a press conference.