Computer security specialists at NASA have warned their employees of a loophole in the encryption feature BitLocker, only present in Enterprise and Ultimate editions of Microsoft"s Windows Vista operating system. According to a document posted on NASA"s Web site, BitLocker"s encryption can be bypassed if a user leaves their computers in "sleep" mode. Only if the computer is shut down or set to "hibernate", users are required to insert a USB authentication key into their PCs or laptops to in order to boot up.
"An administrator can reduce the risk of circumvention of BitLocker (through theft of a "sleeping" rather than "hibernating" machine) by reducing the duration before the machine goes into hibernation," said NASA"s security specialists, Aaron Powell and Christopher Vincent.