Note that this is the open source, made by one guy in his spare time version, so it has some caveats. But I'll bet you dollars to donuts that the three-letter agencies have their own, more capable version.
That is an disingenuous representation of how the attacks works. That attacks OPSEC, not the Bitlocker itself. Any full-disk encryption is "vulnerable", to this kind of attack.
Not really. Full disk encryption using Pointsec/other commercial offerings, or as you typically do it on Linux with LUKS+dmcrypt, asks for the passphrase before the OS has loaded any Firewire drivers. In which case a fully shut-down computer is not vulnerable to this attack, ie. you have protection against evil maids, thieves, FBI etc.
But with Bitlocker, it only requires a password at Windows login, and by then all the Firewire etc. drivers are up and running. So you have no protection for computers that are stolen/seized by law enforcement.
IIRC BitLocker with pre-boot authentication mitigates DMA attacks. Most Windows hardware doesn't come with FireWire or Thunderbolt ports nowadays. Microsoft recommends pre-boot auth for devices with DMA ports.
These are fair points. But for businesses in particular, it's a problem since many skip on (or are unaware of the need for) pre-boot auth, and business laptops still pack FW ports, if not on the laptop itself, then surely on the docking station.
Maybe this whole thing will turn out to be a giant Streisand Effect that gets even more people using encryption and call out the companies who aren't doing a good job.
https://github.com/carmaa/inception
Note that this is the open source, made by one guy in his spare time version, so it has some caveats. But I'll bet you dollars to donuts that the three-letter agencies have their own, more capable version.