5. Cloud computing
Cloud computing is the buzzword of the industry at the moment, but plenty of people are expressing severe doubts about its security.
In some ways, cloud computing is nothing more than an extension of the old client/server model that was the basis of early computing. But the idea today is that companies should outsource certain key functions to third-party providers that would hold their data for them.
Naturally the bean-counters love this, since it allows them to get rid of costly infrastructure and staff. IT staff, however, are more wary. They point out that, in some cases, it could mean that companies lose control of their data and expose themselves to liability. After all, data is key to success these days.
Take Google Apps, for example. All the information on Gmail and Google Apps is stored on the company's servers in the US. Google is a reputable company, but under the American Patriot Act the US government has the legal right to access any and all information on servers in its country. This raised all sorts of red flags for European visitors.
4. AES hacking
The Advanced Encryption Standard (AES) is supposed to be the gold standard of cryptography. A while ago someone produced a theoretical attack, but it was hardly practical. Unfortunately, there's a new attack and it works.
Discovered by Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich and Adi Shamir, the new attack is all the more devastating because it works against AES using a 256-bit key length, which is supposed to be the really safe form of encryption. The difficulty in breaking encryption is related to key length and, while most people are happy with AES 128, the more paranoid, or those with really valuable data, use AES 256.
The attack isn't perfect by any means. It can only be used against AES 256, it still takes a huge amount of time and it requires the attacker to have access to some pretty scary information. But AES failing is a major worry nevertheless.
3. ATM hacking
Cash machines are an essential part of life these days. When was the last time you went to a bank and actually cashed a cheque when you could just have used a cash machine?
As such, they are a very valuable target for data thieves. In the past the chief method of getting ATM PINs was shoulder surfing: peering over a target's shoulder to get their number and then stealing the card. More advanced criminals put a card reader over the front of the ATM card slot and a camera in the lid to record keystrokes.
But Italian researchers Andrea Barisani and Daniele Bianco showed that entering a PIN causes fluctuations in a terminal's power supply that could reveal the number via the earth wire. More worryingly, the same hack could be carried out on a standard PS/2 keyboard. Maybe it's time to look at cheques again.
2. Microsoft
In the past, Microsoft has taken to advanced security like a duck to volcanic lava, but the company is making serious efforts to engage the community to solve its security problems.
At the conference this year, Microsoft showed its commitment to working with the hacking and IT community. Microsoft code isn't necessarily less secure than any other company's, but its near-monopoly position makes it the number-one target and, with the global cracking community going after it, stern remedies are needed.
This time Microsoft released a new tool that allows IT administrators to scan the hexadecimal code behind its documents, which would let someone with limited technical skill find out whether malware was embedded in one of its files, a favourite method of attackers.
In addition, Microsoft reinforced its Exploitability Index, which allows IT managers to manage risk more effectively and decide which areas need addressing more quickly than others.
Top 10 of Black Hat and Defcon
By Iain Thomson on Aug 6, 2009 9:30AM
