Microsoft pours cold water on 'Cold Boot' hacks

Microsoft is playing down the threat of so-called "Cold-Boot" encryption hacks, in which attackers can inspect a "ghost" of computer memory.


Even as Humphries downplayed the chance of an attack, he also spelled out ways users of BitLocker - the full-disk encryption feature included in Vista Ultimate and Vista Enterprise - could protect their laptops from a Cold boot.

"The thing to keep in mind here is the old adage of balancing security, usability and risk," said Humphries. "BitLocker provides several options that allow for a user, or more likely an administrator, to increase their security protections but at the cost of somewhat lowering ease of use."

Specifically, he said users or IT administrators could set BitLocker so that it would not let a PC boot, or even resume from hibernation, without confirmation from a PIN and/or a secret key stored on a USB-based flash drive or memory stick.

Others at Microsoft pitched in last week to counter the widespread reporting of the Cold Boot research. Douglas MacIver, a member of the company's BitLocker test team, added a list of steps corporate users can take. "The [Princeton] research and presentation are impressive," he said in a blog posting of his own. "But after reading it, you may come away wondering 'What can I do immediately to protect myself?' Our customers have been asking us this same question."

Among MacIver's recommendations: Set laptops so that they enter power-off "hibernation" rather than the low-power "sleep" mode, which can't be protected by a BitLocker PIN or key; limit boot options by modifying the PC's BIOS; and disable FireWire and PCI Host controllers.

"Recommended For You"

BitLocker, PGP and TrueCrypt encryption weakened by new attack tool Researchers claim to 'fingerprint' paper