[ShadowAce]

[Still Thinking]

Felten adds that even using Trusted Computing hardware doesn't help.

Now there's an understatement. ;-)

[ThePythonicCow]

See also related FR posts at

• Attack on computer memory reveals vulnerability of widely-used security systems, and
• New Research Result: Cold Boot Attacks on Disk Encryption (keys vulnerable in DRAM after power cut).

[Swordmaker]

File Vault on OSX is not 100% secure... 99.9999% but not 100%. Same for BitLocker on Wndows... PING!

Really out-of-the-realm-of-possibility security vulnerability discovered in encrypted disks on both Apple OS X and Windows Vista...

If you want on or off the Mac Ping List, Freepmail me.

[6SJ7]

Watch out for cryogenic data pirates!

[Sunnyflorida]

Moral of the story: there are no perfect locks, only perfect fools that trust in them.

[TheBattman]

This requires physical access to the computer and fairly extra-ordinary methods (chilling the RAM to -54 degrees, removing it, putting in another computer, and read). While I won’t say that folks wouldn’t go through that for data, I believe it would likely be an extraordinary case - like national security or BIG bucks. And I believe that such extreme cases would probalby also involve more serious security protection than what comes “stock” on those computers.

[antiRepublicrat]

Felten’s good at finding vulnerabilities. Still, this is a pretty esoteric hack.

[TChad]

And thus a new occupation is born, the “Field Data Recovery Specialist.” Armed with his power screwdriver, cans of compressed air looped onto his belt, battery-powered “memory preserver” in his backpack, when the cops break down the doors the intrepid FDRS follows close behind.

[TChad]

Peter Biddle, the guy in charge of Microsoft's Bitlocker security program, says that this is not a new attack, and that Bitlocker, properly configured, defends against its use on a hibernating laptop. Moreover he says that Bitlocker in Vista SP1 will defend even better against it by permitting use of both a boot PIN and a USB dongle.