Turn someone else's phone into an audio/video bug. Check.
Use Dropbox as a backdoor into corporate networks. Check.
Suck information out of pacemakers. Check.
The Black Hat conference convening in Las Vegas next week offers hacker tools for all of those plus more.
Intended to provide good-guy researchers with tools to test the security of networks and devices, the free tools distributed at the conference can also be used by the bad guys to break into networks, steal data and thwart defenses designed to expose malware and halt attacks.
Over the course of two days, white-hat hackers from consultancies, universities and vendors will present more than 100 briefings on vulnerabilities and exploits they have discovered, and in many cases release tools that would be useful to hackers.
Many of the specific exploits they expose in specific commercial products have been reported to the vendors and been patched already, but other tools can be more widely applied.
Here are some of the hacker tips promised as part of the Black Hat briefing agenda:
= A tool called BREACH will be released that pulls encrypted secrets from HTTPS streams. During the same session, speakers from Salesforce.com and Square will use BREACH to demonstrate an exploit against "a major enterprise product" that retrieves session identifiers, CSRF tokens, email addresses and the like in under 30 seconds from an HTTPS channel.
= An attack tool that its authors say can defeat commercial products designed to mitigate DDoS attacks will be made freely available. Proof that it works will be supplied by testing results against specific products as implemented on Web sites known to employ them. Bloodspear Research Group will present a new DDoS defense that thwarts BloodSpear's own attack tool.
= A tool to automate information gathering that can be used to make spear phishing messages more convincing by mimicking how individuals interact with others, with whom they interact and the vocabulary and phrasing they use. This tool from researchers at Trustwave's Spider Labs grabs the data from publicly available sites using both APIs and screen scraping. It then analyzes the data to...