Risk
5/24/2007
03:34 PM
Sharon Gaudin
Sharon Gaudin
Commentary
50%
50%

Vegas BBQ -- Burn, PC, Burn

Picture a beautiful sunset over the desert, the glow of the Vegas skyline in the distance. Then a towering wave of flames leap into the air that crackles with the heat -- a man just set his computer on fire.

Picture a beautiful sunset over the desert, the glow of the Vegas skyline in the distance. Then a towering wave of flames leap into the air that crackles with the heat -- a man just set his computer on fire.And I'm not talking about a little fire. This was a 1,700-degree blaze that engulfed ioSafe's network attached storage device with four hard drives inside.

Come on… How many of us have had violent fantasies about setting our computers ablaze at one time or another? Well, this wasn't one of those situations, but it sure was a heck of a lot of fun to watch. And what was more interesting was that once they put the fire out and cooled the box down a bit, the ioSafe guys were able to retrieve the data that was on the hard drives inside.

No, seriously. I'm not even kidding. They put the hard drives in a new machine, fired them up (pun intended), and pulled up the information. Good as new.

You can see it for yourself in our image gallery of the demo.

I have to say it was the best damn demo I've ever seen. All the other companies hitting Interop with PowerPoint presentations and funky costumes need to rethink their marketing plans a little. The ball of fire in a vacant lot outside of a place called Screw Balls was one nice touch.

Here's the deal: ioSafe is a small company that makes disaster-proof hardware. Robb Moore, the CEO of ioSafe, told my colleague Barbara Krasnoff and me that it's producing products that protect data from fire or flood. As we headed out to the demo site (oddly Mandalay Bay didn't want the fiery demonstration at its show floor booth), Moore told us that the drives are wrapped in a protective casing that would allow them to withstand up to 30 feet of water for 30 days.

But we were in the desert, so he decided to show off its fireproof capabilities instead. This was their first public demonstration of it.

Moore says ioSafe's technology is like an airplane's black box for your data. Aimed at the SMB or branch and remote office market, it has two products. One is the ioSafe S1, a single disk solution for personal backup or small offices. It also has the ioSafe R4, which holds four drives.

The $15,000 R4 was the victim for our demo.

When we first arrived at the demo site, the ioSafe guys took some pictures of all of us. Then they uploaded the images onto one of the drives in the R4. The goal was to set the machine on fire and then pull those same images out again after as proof that they weren't pulling a fast one on us.

To show us what would happen to an unprotected drive, they laid one in a cooking pan on top of the R4.

As a safety measure, they covered the unit on all four sides with a metal grating. We could still see it plainly. Then using a blow torch and a propane set up, Bill Alexander, the director of engineering, started the fire. It built quickly. Flames climbed into the night sky. The acrid smell in the air was thick. After a few minutes, Moore used a temperature gauge and showed me that the fire was up to 1,647 degrees Fahrenheit. The temperature continued to climb. He said it hit 1,700 degrees.

Moore and Alexander both explained to me that the front of the storage unit has a spring-loaded door. When the temperature around the machine, which is built with fireproof gypsum, hits 200 degrees, a trigger snaps the door shut.

After 10 minutes, they shut down the burn. The unit glowed inside the metal grating. The cooking pan on top glowed even brighter with the heat. Actually, the handles on the cooking pan melted off and the sacrificial drive was barely recognizable.

They took the grating off, lifted the weighty unit down to the sandy ground and hosed it down for a minute or two to cool it. After that, they took the drives out and laid them on a table in front of a fan to cool them before they put them inside another machine. After just a few minutes, I touched one and it was only slightly warm.

Alexander popped the hard drives in and within a few minutes we were looking at the pictures they took of us when we arrived at Screw Balls.

"It's the one thing you can't get insurance for to get it back," said Moore. "You have a fire and you can get new desks and chairs but you can't get your data back."

It was the most interesting technology I saw at the conference. And it was the coolest demo I've ever seen.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.