Ed Felten writes on Freedom-to-Tinker:
Today eight colleagues and I are releasing a significant new research
result. We show that disk encryption, the standard approach to
protecting sensitive data on laptops, can be defeated by relatively
simple methods. We demonstrate our methods by using them to defeat
three popular disk encryption products: BitLocker, which comes with
Windows Vista; FileVault, which comes with MacOS X; and dm-crypt,
which is used with Linux.
The root of the problem lies in an unexpected property of today's DRAM
memories. DRAMs are the main memory chips used to store data while
the system is running. Virtually everybody, including experts, will
tell you that DRAM contents are lost when you turn off the power. But
this isn't so. Our research shows that data in DRAM actually fades
out gradually over a period of seconds to minutes, enabling an
attacker to read the full contents of memory by cutting power and then
rebooting into a malicious operating system.
UPDATE, 9:44am PT: Declan McCullagh at News.com has an analysis piece here.
(Cross-posted from Boing Boing)