From iPhones to smart grids at Black Hat, Defcon

July 27, 2009

My favorite security show each year is one at which there are no sales pitches, the speakers favor black T-shirts and dyed hair over suits and ties, and the talks tend to be controversial enough to prompt legal threats and even arrests.

I'm talking about Defcon, which starts Thursday and runs through Sunday. The event turns part of the Las Vegas strip into a geek equivalent of "Animal House" for a three-day weekend every summer.

Started in 1993 by Jeff Moss, aka Dark Tangent, Defcon brings together some of the top security experts from around the world, along with thousands of hacker wannabes whose pranks in previous years--hacking the elevators and ATMs and cementing the toilets, to name a few--have led to bans at certain hotels.

"One good thing about the [economic] downturn is that the Riviera Hotel has been easier to deal with," said Moss, who was recently named to the Homeland Security Advisory Council. "They're letting us have access to the pool, so we'll have pool parties, and they've allowed us to do more social things that we wanted to do."

In addition to being a hacker playground and summer camp, Defcon is a semi-neutral ground where people who blur the lines of legality mingle with federal agents whose job it is to hunt them down.

Moss also heads up Defcon's big-sister conference, Black Hat, whose briefings schedule runs Wednesday and Thursday at the more upscale but no less kitschy Caesars Palace. (Black Hat training sessions started over the weekend.)

While Black Hat is more professional, with vendor tables in the lobby and respectable product presentations in meeting rooms, Defcon is a chaotic tableau of goth-attired groupies, script kiddies hunkered over laptops lining the hallways at all hours of the night and gray-haired hackers who were likely teens when they first started coming to the event.

The presentations are usually top-notch (many of them duplicates from the more expensive Black Hat show), but Defcon is known just as much for the activities going on outside of the sessions.

There's Hacker Jeopardy, Hacker Karaoke, an artwork contest, geo-caching events, a beverage cooling contraption contest, organized target shooting, a Capture the Flag penetration testing competition, lock picking workshops, a PGP Key Signing Party, DJs, a scavenger hunt, the highly popular Spot the Fed contest, a competition to find the best social engineer and a Cannonball Run car race described as "a race against time over 288 miles of road" from Redondo Beach to Las Vegas on Thursday.

Despite the recession, both events are expected to be crowded.

"We had been expecting 30 percent fewer attendees and in reality we're only going to have 10 to 15 percent fewer," Moss said. "The market went down and all of this research came up."

The research topics run the gamut of vulnerabilities and exploits on everything from iPhones to smart grids. One session deals with air traffic control security (or lack thereof). Others have to do with injecting electromagnetic pulses into the wiring system of jets, insecurities with Firefox plug-ins, cloud computing security issues and a new tool to send controversial news to censored countries without using proxy servers.

Unveiling a darknet

Several researchers are going to release a tool for hacking into Oracle databases. Meanwhile, two Hewlett-Packard researchers plan to demonstrate a proof-of-concept browser-based darknet type of network called "Veiled" that allows for the creation of a secure, decentralized peer-to-peer network in which no client software is downloaded.

"The clients are the owners of the files and there is no single point of failure," said Matt Wood, a senior researcher in the Web Security Research Group at HP Software and Solutions. "No one in the government can go to you and say 'we need the files.'"

Interesting session titles include "Cracking 400,000 Passwords, or How to Explain to Your Roommate why the Power Bill is a Little High," "Manipulation and Abuse of the Consumer Credit Reporting Agencies," "Hacking Capitalism '09," and "'Smart' Parking Meter Implementations, Globalism, and You (aka Meter Maids Eat Their Young)."

There's always a Meet the Fed panel with representatives from all the major defense and security-related government agencies. And well-known keynote speakers and presenters include Robert Lentz, chief security officer for the Department of Defense; Rod Beckstrom, former Director of the National Cyber Security Center in the U.S. Department of Homeland Security; Adam Savage, co-host of the "MythBusters" TV show; and perennial favorite Bruce Schneier, security guru and chief technology officer of BT Counterpane.

When hackers go public with details on exploits, vendors get nervous--companies have moved to block presentations at the shows over the years. This year is no exception. Juniper Networks pulled a talk one of its researchers was set to give about a flaw in ATM software after the ATM vendor complained. In his presentation entitled "Jackpotting Automated Teller Machines," Barnaby Jack was planning to provide a live demonstration of an attack on an automated teller machine.

"I'm disappointed Barnaby Jack's talk was canceled," said Moss. Another speaker this year was "forced or encouraged" not to release a tool, Moss said, but he couldn't remember which speaker or talk it was.

Last year, a talk on hacking smartcards used in the Boston subway system was blocked after a federal judge granted the Massachusetts transit authority's request for an injunction. In 2005, a security researcher was sued after giving a presentation at Defcon on how attackers could take over Cisco Systems routers. And in 2001, the FBI took Russian crypto expert Dmitry Sklyarov into custody at his Las Vegas hotel the day after he gave a Defcon talk about insecurities in e-book security software. All cases were eventually settled.

Defcon averted another type of legal debacle this year--the importation of its microprocessor-dependent badges, which are needed for the badge-hacking contest.

"I'm excited the badges for Defcon will be here," Moss said gleefully. "They were held up in Chinese customs for two months. It was a complete nightmare."

 

Windows 7 will give boost to PC hardware

July 26, 2009

Windows 7 will be more than just a better interface. Under-the-hood changes will allow chips from Intel, Nvidia, and Advanced Micro Devices to ratchet up Windows 7 performance above previous Microsoft operating systems.

Microsoft on Wednesday said it has finalized the code for Windows 7, set to ship with new PCs starting October 22. Improvements will include how Windows handles multitasking, graphics acceleration, and solid-state drives.

Microsoft is working closely with Intel, whose chips will power the vast majority of PCs running Windows 7. A July 22 post from Joakim Lialias, Intel Alliance Manager for Microsoft, described how Microsoft and Intel "saw unique opportunities to optimize Windows 7 for Intel processor technology" in the areas of performance, power management, and graphics.

In his blog, Lialias focused on improvements to multitasking based on "SMT Parking," which provides additional support to the Windows 7 scheduler for Intel Hyper-threading Technology. With Hyper-threading, the operating system sees a single processor core as two cores. For example, a quad-core system would be seen as having eight cores, thus potentially improving multitasking--or doing tasks (threads) simultaneously.

Hyper-threading is back in vogue at Intel after being pulled from Intel Core 2 chips (it debuted in the Pentium 4 processor). Nehalem Core "i" series processors use Hyper-threading, as do Atom chips. Intel, in fact, now includes Hyper-threading as part of a chip's core specifications. The Core i7-975 processor, for example, is listed as "4 Cores, 8 Threads."

Lialias also mentioned enhancements to boot and shutdown times. "Our mutual goal was to provide the most responsive compute experience possible." (Lialias' blog was cited in a PC World article.)

Windows 7 will also do more than previous operating systems with graphics--and here, DirectX 11 stands out as the most highly anticipated technology. A recent AMD blog describes a "beast called the tessellator...which enables games developers to create smoother, less blocky and more organic looking objects in games." The blog discusses how DirectX has been redesigned "to ensure that it is much more efficient" at using multicore processors, such as the AMD Opteron chip.

Beyond games, Windows 7 has the potential to turn a graphics processing unit (GPU) from AMD or Nvidia into a general-purpose compute engine, used to accelerate everyday computing tasks like a CPU. Specifically, "the compute shader" can be used to speed up more common computing tasks. The buzzword used to describe this technology is a mouthful: GPGPU or general-purpose graphics processing unit.

In an April interview, Sumit Gupta, product manager for Nvidia's Tesla products, described GPGPU in some detail. "What that essentially means to consumers is, if your laptop has an Nvidia GPU or ATI GPU, it will run the operating system faster because the operating system will essentially see two processors in the system. For the first time, the operating system is going to see the GPU both as a graphics chip and as a compute engine," he said.

Gupta gave an example of launching an application. "For example, when you launch (Google) Picasa, that is completely run on the CPU. (But) the minute you choose an image and apply a filter, that filter should run on the GPU," he said.

Another beneficiary of improved Windows 7 technology: solid-state drives, which are typically faster than hard-disk drives and gaining ground in niche markets such as high-end laptops, gaming PCs, and servers.

SSDs will be able to take advantage of Windows 7 technology called the Trim Command. In a recent interview, Troy Winslow, marketing manager for the NAND Products Group at Intel, explained the significance of the Windows 7 Trim Command, which clears up free area on a solid-state drive.

Even when blocks of data get deleted on a solid-state drive, the drive still looks like it's full, according to Winslow. "Trim allows you to release those blocks for reuse and maintain the performance. Every drive will degrade somewhat over time. With Trim, you're able to stay more in that virgin state," he said.
 

HP researchers develop browser-based darknet

July 26, 2009

Two researchers for Hewlett-Packard have created a browser-based darknet, an idea that could make it easier for businesses to keep eavesdroppers from uncovering confidential information.

Darknets are encrypted peer-to-peer networks normally used to communicate files between closed groups of people. Most darknets require a certain level of technological literacy to set up and maintain, including taking care of the necessary servers. However, HP researchers Billy Hoffman and Matt Wood plan next week to demonstrate a browser-based darknet called "Veiled," which they claim requires little proficiency to set up and run.

"This will really lower the barriers to participation," Wood told ZDNet UK. "If you want to create a darknet, you can send an encrypted e-mail saying, 'Here's the URL.' When (the recipient visits) the Web site, the browser can just get (the darknet application) going."

Hoffman and Wood are scheduled to demonstrate the technology next week at the Black Hat security conference in Las Vegas.

Wood said HP does not want to turn the project into a commercial product. While the company does not plan to make the source code available, the researchers do plan to open source their idea, so to speak, so other security researchers can "pick up the baton."

"HP has no desire to patent or copyright or release any code," Wood said. "Black Hat is one of the top security conferences, and we want to get this cool idea into the hands of people who are really smart."

Businesses could use browser-based darknets to set up workgroups to exchange commercially sensitive information, or to have a means of making anonymous suggestions to management, Wood said. "I like the idea of a suggestions box on the Web," he said. "It provides an anonymous way to make suggestions to your boss."

HP's darknet research came about when the researchers realized the potential of new browser technologies, according to Wood.

Browsers with HTML 5 support--such as recent versions of Firefox, Safari and Internet Explorer--allow files to be stored "persistently" on the client, for working on them when offline. This feature, coupled with the distributed grid-computing nature of a darknet, means files can be effectively uploaded in perpetuity, even when the initial browser has been shut down. It also makes the darknet resilient, said Wood.

"One of the benefits of a darknet is that they are distributed," said Wood. "To destroy it, you would have to take down all of the clients, because if one server gets compromised, you just shift to a different server. They can hop around."

Advances in JavaScript engines, such as Google's Chrome V8 and Mozilla's TraceMonkey, have also helped make browser-based darknets possible, according to Wood. These engines allow browser-based communications to be set up quickly and encrypted. The Veiled darknet uses RSA public key cryptography, but any cryptography will work.

"Cool advances in JavaScript technology allow encryption in the browser," said Wood. "Browsers are getting really powerful."

 


