Jacob Kepler/Bloomberg News

Here is a look at some of the highlights and scarier happenings taking place at the annual Black Hat hacker conference in Las Vegas this week.

WILL THE AUTHOR OF FLAME PLEASE STAND UP? Every year the Black Hat conference recognizes the security industry’s biggest achievements and failures with the Pwnie Awards, which is sort of like the Oscars of hacking.

There is an award for the year’s most “Epic Fail,” “Most Innovative Research,” “Epic Ownage” and even “Best Song.” It turns out there is a long tradition of hacker-written songs and raps, like “Give It Some Salt,” a nominated song that explains LinkedIn’s password breach, in rap form. LinkedIn was also nominated for the “Epic Fail” award (“What has 2500 employees, over 90 million users, no C.S.O., and hates salt? This company.”)

But that honor ultimately went to F5 Networks, a security company, for a glitch in a popular security product. Typically, the winner of that Pwnie never shows up. But this year, an F5 employee walked to the podium, accepted the award, and even offered a few words of thanks. The final award for “Epic Ownage” went to the authors of Flame, the virus that spied on computers in Iran, which many believe to have been the work of the United States government. “Is the author of Flame in the audience?” Dino Dai Zovi, a Pwnie judge, inquired. Nobody stood up.

YOUR HOTEL ROOM IS NOT SAFE. NEITHER IS YOUR AIRPLANE. Every year at Black Hat, hackers disclose vulnerabilities they have discovered in widely used systems like batteries and Wi-Fi networks. This year, the vulnerabilities were a little scarier than most.

In one talk, Cody Brocius, a security researcher, disclosed a loophole in hotel room locks made by Onity, whose locks are installed on more than four million hotel rooms globally. Mr. Brocius published his findings online, making it possible for just about any determined hacker to find his or her way into your hotel room.

Even scarier: soon, it will be possible to spy on and mimic air traffic controllers. In a presentation on Wednesday, Andrei Costin, a graduate student at Eurecom, the French security institute, shared a number of loopholes in the Automatic Dependent Surveillance-Broadcast system, which the government plans to put in place of our current air traffic control system by 2020. Mr. Costin found that the new system’s communications are not well encrypted — which makes eavesdropping easy — and that it lacks the authentication necessary to keep someone from masquerading as an air traffic controller guiding your aircraft to landing.

SOMEONE WON $200,000.

Nicole Perlroth/The New York Times

Last year at Black Hat, Microsoft announced a new Blue Hat Prize for the person who could develop the best defensive technology for Windows. The goal, Microsoft said, was to encourage hackers to work on something larger than tracking down a one-off vulnerability. On Thursday night, Microsoft awarded its $200,000 prize to Vasilis Pappas, a Columbia University graduate student, for a defensive technology he developed, called “kBouncer,” which detects and prevents return-oriented programming attacks, a popular attack technique. Mr. Pappas, who was greeted with about 100 pounds of confetti, looked as if he might collapse from elation.

ONLINE CENSORSHIP IS GETTING WORSE. “The Internet is becoming less and less flat every day,” Dan Kaminsky said in a talk Wednesday. Mr. Kaminsky vaulted to fame in 2008 after he uncovered a dangerous flaw in the basic plumbing of the Internet. His next project: ridding the Internet of censorship. “I.S.P.’s and governments are altering content on the Internet every day and, in most cases, it’s done silently,” he said. Mr. Kaminsky said he had been working with anticensorship groups to improve censorship detection by crowdsourcing it to a much larger pool of developers. “My goal is not to run a censorship detection service but to provide what’s already out there by funneling in a much larger data stream and doing it on a much larger scale.”

THE THREAT WON’T BE UNDERSTOOD UNTIL A CYBERDISASTER. This year’s Black Hat keynote speech was delivered by Shawn Henry, the Federal Bureau of Investigation’s recently retired top cybercop. It was bleak. The attacks we know of are only “the tip of the iceberg,” Mr. Henry said. He said the public won’t comprehend the repercussions of a cyberattack until it affects something more tangible like their gas line or water supply. “We knew about Osama bin Laden in the early ’90s. After 9/11, it was a worldwide name,” Mr. Henry said. “I believe that type of thing can and will happen in the cyberenvironment. And I think after it does, people will start to pay attention.”

HACKERS PARTY HARD.

In the last 12 months, companies as diverse as Symantec, the security juggernaut, and LinkedIn, the social network, got hacked. And yet, you wouldn’t know it by the scantily clad dancers and elaborate alcohol ice luges at Black Hat parties. At one party at Pure, the nightclub in Caesar’s Palace, hackers and “security suits” mingled and posed for photos with dancers dressed in little more than a thin layer of mud. At another party at the Cosmopolitan’s Marquee nightclub, hackers, security researchers and executives drank from a giant ice luge emblazoned with the word “Microsoft.” One attendee bemoaned the self-congratulatory atmosphere: “It’s pathetic that we’re celebrating an industry that is completely ineffective.” Said another: “What are we supposed to do? Come to Vegas and sit alone, sober and depressed, in our hotel rooms?”

“IT’S WORSE THAN MEXICO.” Behind the booze, dancing, prizes and women, there was a palpable despair. The consensus among security researchers, White Hat hackers, government types and executives alike is that the cyberthreats we face are only getting bigger and more pernicious. Some compared the situation to Mexico’s drug war, with intrusions growing more brazen and no real headway being made to combat them.

On Wednesday, Mario Vuksan, a security researcher, presented a new open source project to rally the townspeople. He said his File Disinfection Framework aims to create a platform for idealistic-minded hackers to help organizations and internet service providers clean up their systems after an attack. “No single person or security company — I don’t care how good you are — can clean up everything,” Mr. Vuksan said over a beer the day after his presentation. “And unless you completely disinfect a system, it will come back.”

That was certainly the case in December after the F.B.I. helped the United States Chamber of Commerce clean up a monthslong cyberattack. Even after the chamber fixed its systems, a printer in one of its offices randomly started printing Chinese characters, and the group discovered that a thermometer in a chamber-owned apartment was communicating with an I.P. address in China. The goal of the File Disinfection Framework is to replicate the workings of the Black Hat hacker community, where hackers regularly put encrypted data — like six million LinkedIn passwords — online for others to crack.

Only, to do it for good. “We have far less people on our side,” Mr. Vuksan said. “But what other choice do we have? Do nothing?”