Risk
5/24/2007
03:34 PM
Sharon Gaudin
Sharon Gaudin
Commentary
50%
50%

Vegas BBQ -- Burn, PC, Burn

Picture a beautiful sunset over the desert, the glow of the Vegas skyline in the distance. Then a towering wave of flames leap into the air that crackles with the heat -- a man just set his computer on fire.

Picture a beautiful sunset over the desert, the glow of the Vegas skyline in the distance. Then a towering wave of flames leap into the air that crackles with the heat -- a man just set his computer on fire.And I'm not talking about a little fire. This was a 1,700-degree blaze that engulfed ioSafe's network attached storage device with four hard drives inside.

Come on… How many of us have had violent fantasies about setting our computers ablaze at one time or another? Well, this wasn't one of those situations, but it sure was a heck of a lot of fun to watch. And what was more interesting was that once they put the fire out and cooled the box down a bit, the ioSafe guys were able to retrieve the data that was on the hard drives inside.

No, seriously. I'm not even kidding. They put the hard drives in a new machine, fired them up (pun intended), and pulled up the information. Good as new.

You can see it for yourself in our image gallery of the demo.

I have to say it was the best damn demo I've ever seen. All the other companies hitting Interop with PowerPoint presentations and funky costumes need to rethink their marketing plans a little. The ball of fire in a vacant lot outside of a place called Screw Balls was one nice touch.

Here's the deal: ioSafe is a small company that makes disaster-proof hardware. Robb Moore, the CEO of ioSafe, told my colleague Barbara Krasnoff and me that it's producing products that protect data from fire or flood. As we headed out to the demo site (oddly Mandalay Bay didn't want the fiery demonstration at its show floor booth), Moore told us that the drives are wrapped in a protective casing that would allow them to withstand up to 30 feet of water for 30 days.

But we were in the desert, so he decided to show off its fireproof capabilities instead. This was their first public demonstration of it.

Moore says ioSafe's technology is like an airplane's black box for your data. Aimed at the SMB or branch and remote office market, it has two products. One is the ioSafe S1, a single disk solution for personal backup or small offices. It also has the ioSafe R4, which holds four drives.

The $15,000 R4 was the victim for our demo.

When we first arrived at the demo site, the ioSafe guys took some pictures of all of us. Then they uploaded the images onto one of the drives in the R4. The goal was to set the machine on fire and then pull those same images out again after as proof that they weren't pulling a fast one on us.

To show us what would happen to an unprotected drive, they laid one in a cooking pan on top of the R4.

As a safety measure, they covered the unit on all four sides with a metal grating. We could still see it plainly. Then using a blow torch and a propane set up, Bill Alexander, the director of engineering, started the fire. It built quickly. Flames climbed into the night sky. The acrid smell in the air was thick. After a few minutes, Moore used a temperature gauge and showed me that the fire was up to 1,647 degrees Fahrenheit. The temperature continued to climb. He said it hit 1,700 degrees.

Moore and Alexander both explained to me that the front of the storage unit has a spring-loaded door. When the temperature around the machine, which is built with fireproof gypsum, hits 200 degrees, a trigger snaps the door shut.

After 10 minutes, they shut down the burn. The unit glowed inside the metal grating. The cooking pan on top glowed even brighter with the heat. Actually, the handles on the cooking pan melted off and the sacrificial drive was barely recognizable.

They took the grating off, lifted the weighty unit down to the sandy ground and hosed it down for a minute or two to cool it. After that, they took the drives out and laid them on a table in front of a fan to cool them before they put them inside another machine. After just a few minutes, I touched one and it was only slightly warm.

Alexander popped the hard drives in and within a few minutes we were looking at the pictures they took of us when we arrived at Screw Balls.

"It's the one thing you can't get insurance for to get it back," said Moore. "You have a fire and you can get new desks and chairs but you can't get your data back."

It was the most interesting technology I saw at the conference. And it was the coolest demo I've ever seen.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2010-5075
Published: 2014-12-27
Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW.

CVE-2011-4720
Published: 2014-12-27
Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a denial of service (daemon crash) via a long filename in a (1) RRQ or (2) WRQ operation.

CVE-2011-4722
Published: 2014-12-27
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.

CVE-2012-1203
Published: 2014-12-27
Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action.

CVE-2012-1302
Published: 2014-12-27
Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.