Saturday, February 23, 2008

New Research Result: Cold Boot Attacks on Disk Encryption

I'm not sure what to make of this exactly. Having read the short form in the blog linked below, it seems to me that the exploit is remarkably simple to implement. In the past, for most users on Win XP machines in the shops I ran, the sleep/hibernate modes were turned off as the laptop often wouldn't come back up cleanly. However, Vista seems to have fixed that, and I often leave my MacBook in the sleep state for quick restart. On my personal machines, I use either BitLocker or FileVault (as appropriate to the OS), thinking that, coupled with a strong password, I was safe. Effective immediately, I will stop using sleep modes.

The bigger question for me as a CIO is how do we respond to protect our data as it wanders around outside the relative safety of the corporate environment. Given the significant negative impact every time someone "loses" a laptop with personal and corporate data on it, like here and here, the risk is real.

What are you doing about it? Is the risk real or is this another lab experiment unlikely to propagate into the wild?

Freedom to Tinker » Blog Archive » New Research Result: Cold Boot Attacks on Disk Encryption: "Freedom to Tinker
… is your freedom to understand, discuss, repair, and modify the technological devices you own.

New Research Result: Cold Boot Attacks on Disk Encryption
February 21st, 2008 by Ed Felten
Today eight colleagues and I are releasing a significant new research result. We show that disk encryption, the standard approach to protecting sensitive data on laptops, can be defeated by relatively simple methods. We demonstrate our methods by using them to defeat three popular disk encryption products: BitLocker, which comes with Windows Vista; FileVault, which comes with MacOS X; and dm-crypt, which is used with Linux. The research team includes J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten.

Our site has links to the paper, an explanatory video, and other materials.

The root of the problem lies in an unexpected property of today’s "


