All your crypto are belong to us
Blackhat Federal 2008 seems to have been a bit of a sleeper (surprise, surprise), but at least one interesting thing came out of it.
Encryption software designed to guard sensitive data on laptops can be circumvented by searching the computers’ volatile memory for traces of the encryption keys, a group of computer-security researchers said in a paper published on Thursday.
The paper, Lest We Remember: Cold Boot Attacks on Encryption Keys, explores the security implications of data’s tendency to remain in a computer’s random access memory (RAM) even after the system is shut down. While RAM requires data to be periodically refreshed, the data — including encryption keys from Microsoft’s BitLocker, Apple’s FileVault and other formats — can still be retrieved from memory a significant amount of time after the power is turned off, the researchers discovered. (Security Focus)