When Technology Fails
Recently an old vulnerability reared its ugly head after it was discovered that hardware doesn’t always behave as expected.
According to this paper:
Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard.
Unfortunately, this means that many encryption products leave your data exposed under various circumstances. (The full paper is here.)
But what do you do if the technology fails? There are several possible responses. The product may be patched or the problem fixed, you may choose to replace the product completely, or perhaps you simply fall back on some policy changes.
In some cases the problem is resolved if the machine isn’t put into sleep or hibernate mode; thus a new policy could be implemented to mitigate this risk to some degree. The team of security professionals at SANS has been compiling a list of vendor reactions to this problem.