IronKey.The world's Most Secure flash Drive.

I agree, but this isn't quite as bad as deserving a because the 'on device' FF is 'only' used for their Secure Sessions Service (SSS) (the $25USD/year thingy). Just for those that would like an explanation of that here rather than hunting on IK's site, I'll paraphrase what they say:
[IronKeys are optionally pre-configured with Secure Sessions Service (SSS) and a portable version of Mozilla's popular Firefox Web browser.

All data, cookies, and web history are maintained locally on the IronKey. The SSS protects your privacy on the Web by triple-encrypting your web surfing traffic, and provides secure DNS services to help assure that you are not visiting a spoofed website.

The Ironkey Password Manager locally manages all your online passwords with secure one-click direct access and protection against keystroke-logging spyware and other online threats. Optional encrypted password backup is provided as an online service.

SSS uses complex routing algorithms and high performance Tor servers to provide a layer of anonymity to protect your identity and confidentiality while ensuring an enjoyable web experience. Websites will no longer be able to see your IP address or know where in the world you are coming from, you can easily change which country your Web traffic is coming from at any time. You can easily and quickly disable SSS by clicking a button in the browser, which is handy when security and privacy are not important but data transfer speeds are.

When users access IronKey web sites and services, all information is exchanged over an encrypted channel. This is accomplished through Secure Socket Layer (SSL) and by utilizing Verisign Secure Site and Verisign Secure Site Pro certificates. To ensure additional security for its services, IronKey qualified for and is using Extended Validation SSL. The IronKey applications encrypt all sensitive data prior to transmitting it within the IronKey network and storing in databases.]
So, if you're on your own PC and don't need to hide behind their Tor servers, you can use FF 3.xxx (and your own password manager) on your PC. You would have to maintain passwords in two places, but that shouldn't be hard to do, maybe hard to remember to do though. I think that FF 2.xxx is OK if you're restricting yourself to known safe sites, but who knows for sure. They did say that you can install NoScript to the FF on the device and I'd do that, certainly (assuming there's still a NS for FF 2.xxx of course).
Probably the biggest reason for buying one of these is the self destruct should you lose possession and have 'sensitive' data stored on it.
Now a thought just popped into my head and I'm not sure if Wilder's will let me say this, but the self destruct would be handy should you be asked for the password by authorities and you kept giving them (10) different passwords. Voila, data's gone, forever. The risk is that the authorities make you disappear forever too. Definitely a .
I'll have to buy one when I'm visiting my kids in the U.S. though, that's the only place they'll sell one. Then hope they'll just think I travel to Canada a lot because that's where I'll use it most of the time.
Jim C. (now, off to shovel some snow....)

 

Hello, I'm Drew from IronKey. Sorry if I'm a little late to the party on this thread...if you do have any questions regarding the IronKey, I am happy to answer them, and plan to check in here a couple of times a week to see if anyone does have such questions.

From the above posts, it looks like Tech Support (or me) have already answered most of these questions.

Regarding pricing...yes, the Basic and Personal version are the same price (Enterprise devices are also the same price), and with the Personal device you get more than you do with the Basic device.

For anyone in the "general public" the Personal is the device that you want.

The Basic device is designed for government and corporate deployments where network connectivity (including device updates) is considered a bad thing.

Yes, we do have have updates to our devices. These are free, signed, and securely delivered.

If anyone has any questions about IronKey, please let me know!

 

Hi JR, been awhile.
FF3 is not available yet, that's as of Mar. 2nd. Check the Iron Key Forum for more information,
https://forum.ironkey.com where you have to register to see threads.
Drew has summarized a list of requests/suggestions which he clearly states are not to be presummed to be an official 'worklist', although some may be, and some points have generated additional posts indicating desired user priority is quite high for FF3. I haven't posted myself, yet.

To Drew: You can simply Subscribe to this thread, daily e-mails would probably suffice but Instant would certainly give you a heads-up. I registered in your forums as AquaPraxis.

Regards to all,

Jim C

 

Currently, support for FF3 is part of a Beta test, that also involves our Identity Manager (a replacement for the current Password Manager), and many other bug fixes and new features.

Beta devices shipped with FF 3.0.5, but users are encouraged to update to FF 3.0.6 as they normally would.

FF3 support is one of our top requests from users, and we are definitely working on it.

 

Since apparently no one else here has one, I'll throw in my .02

I really like mine. I use it more than any of my other drives, mainly to store some data I always want safe and with me, to store and keep backups of encryption keys, and to keep a couple apps with me.

The interface is clean and simple, however lacks a bit compared to say portableapps.com's start menu. The menu can be configured, but one thing I hate is it has 2 icon displays and one list display, but as soon as you remove the device it goes back to the default. For me, thats a PITA because I have a lot of apps, and I like a small list display.

I dont use the password manager, mainly because I use keypass and I dont know that I trust my passwords to a device that is capable of phoning home.

I do not use the online backup feature, again for the same reason.

I do really like the "secure sessions" which is Tor on steroids. I DONT like that they operate all the Tor nodes, meaning one US subpeaona and they know where I go, but I do LOVE the speed. I notice only a small lag with SS running. Since really my main goal for using SS is to encrypt my initial traffic past the "watchers."

The FF2 thing is a nag, esp since every time you use FF it downloads the upgrades and you have to tell it not to install, but it's not too big of an issue. One PITA is that new add-ons are 3.0 only, so you cant use them. Some of the more established add-ons have older revisions, but thats a YMMV thing.

Speedwise, I see only a minor lag vs a standard USB flash drive, not enough to ever cause an issue.

I have only gone through 1 update of the IK itself, and it went great. Straight point and click, no issues. (Much better than my U3 that corrupts during backup and removes all my apps and generally sucks.)

Their web interface is pretty neat. You can log into it from any machine, but you can only access some features if you are logged in with your IK. It also has some client certificate stuff to validate you are on IK's site, and that you are you.

All in all I love my IK. My only real issues are with the start menu and the FF versioning, other than that it is great. I'd love to see it available in MUCH larger sizes tho. I'd kill for a 32GB version - but I'm sure the price would be ridiculous (which it shouldnt be considering the price to make the device shouldnt alter much based on capacity).

 

Great! Thank you for using an IronKey, and thank you for posting some questions/comments here.

That was such hassle. You might want to "check for updates", since we released an update to version 1.3.2 just over a week ago, that solves that problem (among other things). It also has enabled the Control Panel to run faster.

There is no "phone home" or back door to the device. I understand your privacy concerns...and they are very valid concerns. You are right that conceivably we could have engineered the device to do that (we haven't done that).

We have gone through great pains to make sure that we don't have access to your passwords. They online backup is an encrypted blob, and the key for this resides on your device.

Last week, we announced that the update for FF3 support will be coming April 21st.

That is great feedback, thank you very much.

32GB? Someday.

Also, remember that we currently are only using SLC (Single Layer Cell) Flash memory, which is significantly more expensive than the more common MLC (Multi-Level Cell). I won't bore you with the mundane details of NAND flash...but SLC is rated to be roughly 10 times longer lasting, has lower error probability, has faster write speeds.

 

Getting interested again

 

I will try to do so today. Does it fix the damn control panel so that when you click on an app that the CP freaking closes? that was one thing I forgot. MINOR issue, but end user wise its a ROYAL PITA to click say FF and then have to go back to the CP window and click the X on the CP. If I launch an app, close that damn thing back to the tray!!!!

And I am SURE it will NEVER happen, but I would like the ability to get to the virtual cd partition and edit things. Certainly I am a more advanced user than normal, but there are small hacks I would like to make here and there.

One thing that would be nice, however LOW on the list up there at IK I'm sure would be the ability to "skin" the CP and interface. Some just for individuality, but some for obscurity. Sure its obvious that I have a giant stainless steel key sticking outta my computer, but still I dont like that if I open the CP that its OBVIOUS if you can see my screen that I am opening something "secret." Just arouses unneeded suspension sometimes. Nothing major tho.

Glad to hear about FF3, cant wait.

I'd also like to see IK implement the drive w/PKI for SSO and other token based authentication. Honestly, if I could also use my IK as a token, I dont know that I would ever buy another type of flash drive again. That support would freaking blow everyone else in the secure flash market away (more than you already have) and I think more people would use it than you may now know.

I'd also like to see what the IK-EntEd is all about. Is it just you std IK w/management abilities for multiple key's, or does it offer additional features? If it does more, believe it or not, I'd be interested in the IK-EE for personal / family use, but if it only adds support for device management to corp users, then not so much. And I dont see what management you could really do, but I havent looked that indepth to the EE...


And yes, 32GB. Honestly, as a consumer, I dont care what or why you have limitations. I see 32GB and 64GB drives sitting on shelves for less than the smallest size IK, and I want a bigger IK. I use flash drives a LOT, and I want it bigger. Again, just like token support, you give me a 32gb IK with token support, and Ill never need another drive. (unless you charge me $500 for it, in which case I stick with a normal 64GB flash drive w sw encryption)

 

You wont be disappointed, IMO.

Plus, it's funny, with other flash drives, I forget them at home, or on my desk, or they end up in the bottom of my bag, never to be seen or used again (ohh THATS where I saved that file I was looking for) but with the IK you wont do that. Something about this heavy, shiny, silver, sexy beast that makes you WANT to carry it. It's all mental, but I NEVER forget my IK, based just on how it looks. It stands out, and screams "I'm important, don't forget me!" Some days it stays in the pocket, but I always have it.

Which to the point I guess I didnt cover in my review - the physical device.

It is obvious to anyone that has checked out IK.com, the thing is sexy and rugged, but I will speak to it anyway.

I think I have covered the "looks", but again, it's a sexy looking device. Simple and plain, but sexy.

And the thing IS as rugged as they say. Sure, the shine is gone from mine, and it has some scratches and dings, but its a beast. I have put it through hell, and no plastic drive would have lived. One thing that really shocks me, and speaks to how well it is built is the cap of all things. It has a rubber lining, I assume to keep water out, but all that holds the cap on is that rubber lining. Only the tight fit holds it on. After a year of use, that thing is like new. Plastic caps wear down after so many pops on and off, but the IK doesnt. And honestly when I got it, I expected that to be an issue. I expected the rubber would lose grip, wear down, and/or just lose the friction to hold the cap on, but it is just like new....

 

As an individual? Doubtful. But we have talked about releasing an SDK so that developers could make some modifications (and possibly facilitate helping those developers get the mods to other users).

You aren't the first to ask for this. It's on our "yes, that would be nice to have list". But we've got a lot more core functionality that we are hard at work on.

April 21st, is what we are targeting for that. It's posted on our website, so this isn't quite 'insider information'.

What would be the additional features that you are looking for family use?

 

THANK YOU!

 

It would be nice to release the SDK to all, but i guess that depends on how much of the SDK gives inside knowledge to the workings of the IK, and if that could compromise the overall security of IK's. I'm just an open it up and play with it kinna guy.

Agreed....although if the SDK gives me the ability to get to the CD partition and make edits, I can skin it all myself with ResHacker...

More just curiosity on the EE and what it is all about, what it offers.

Really my main "wants" would be:
Auto Launch features (ie run app A, B, C when unlocked)
The damn start menu closing after I launch something
Token support
Encryption of files outside the IK that would require the IK to unlock
Customization
A "Terminate all open processes and lock" option. I run a lot of apps from my IK, most do not need to shutdown gracefully, so it would be nice for it to have the option to just close all and lock, instead of closing each app one by one.
AutoLock feature (time based, workstation lock based, hibernate/standby based, etc)

I think that's about it. Really nothing that is stopping me from using my IK, I love it as is, but those would be some initial improvement thoughts. AND SIZE!

The size factor could be mitigated with the ability to encrypt files on other drives and require the IK present and unlocked to access them. My goal here is a secure portable machine. I am working on a completely self sufficient windowz USB device, and the size of the IK just wont support the size of a VM. Right now my solution is to use a 3rd party encryption with encryption keys stored on my IK to unencrypt my USB device with my VM on it, which is just an extra step I'd like to use the IK for. But I am sure I am not in the majority iwth deployments like this.

I'd really like to see the features of the GoldKey + Token support built into the IK, at least at a personal level, but I'm sure the market would be there at an Enterprise level as well.

 

Great feedback.

Thank you for posting.

I've forwarded to our Product Management team (although I know that couple of those are already on the road map).

 

To follow up regarding this. We have released Firefox 3.0 support. This update is currently available to our existing users. The update includes many new features and Firefox 3.0.8, which can be updated to the latest (I'm using 3.0.10, today).

 

Just another feature request, I would really like to have a "Startup" or "Autorun" folder on the menu for the IK (or wherever, config, etc). There are some apps that I run EVERY time I open my IK (keepass for example) and I would like to have those launch on unlock.

A dream request would be a builtin (feature rich, not a hack job) FW w HIPS, but I dont know how hard that would be to implement.

Also, is there a way to edit the sandbox'ing of FF on the IK. I like the sandboxing, but much like some virtualized apps I run, I set specific folders to not be boxed, which makes downloading files a HELL of a lot easier. I hate having to navigate to find them, plus having to keep the downloaded files cleaned up so the sandbox on the IK isnt wasting space.

One more, also, does teh sandbox clear on exit?

 

Autorun opens up a whole host of issues (Conficker, etc). I know what you are saying about this being convenient...and we've tinkered with it a bit in a more secure manner...but "autorun" of any sort is just a bad word in the industry these days.

KeePass? You need to download a newer version and give the Identity Manager a go. You can import your KeePass database (after exported to XML).

That's an awesome idea. For our security minded user base, intrusion protection would add a great deal of value.

I'm not sure what version of our device you have...this changed when we moved from using FF 2.x to FF 3.x

No, it does not.

 

I have updated to the latest IK version with FF3, but it sandboxes at least the desktop, which can be a real PITA.

Even tho I clear everything on exit, it would be nice to have the option to destroy the session sandbox on exit.

Also, a MUCH needed addition is the ability to easily terminate and restart the whole SecureSessions package. I've had a LOT of issues with it lately, and sometimes the only solution is locking the IK and unlocking to close out SS and re-launch it. If there is a manual way to do it, I havent found it, since SS stays running even when you kill FF. Like I said, I run a lot of virtualized apps from my IK, so having to exit all of them to lock and unlock the IK is a royal pain, on the level of having to reboot your machine, just because your browser isnt working. I know SS isnt perfect, but lately it seems like it has had a lot of issues no matter what I do to try and rebuild circuts.

I know autoruns can be a nightmare, but maybe an additional password layer could be added to add an autorun to the IK and then require some sort of HIPS style confirmation when the IK is unlocked and autoruns your apps.

Maybe I will test out the password/identity manager in the next few weeks now that I have my HIPS tuned, just to verify it doesnt "phone home:." I know you have assured me it doesnt, but seeing is believing in security. The only thing about the IK identity manager, is AFAIK it doesnt have any capabilities to sync with a mobile device, which is really where *I* need to go with my password manager. I havent tested keepass for BlackBerry yet, but I MUST have something that replicates my passwords to my device.

I know the lecture on that opening an attack vector to my passwords, but the fact is I use 16-64 char alpha/num/high ansi passwords for EVERYTHING, and I need a way to be able to say hit an email account from my BB over webmail that I dont sync to my BB, along with other web apps I need to access via the BB on the go.

Dont get me wrong, I still LOVE the IK, and I promote it like crazy and I wouldnt use anything else, just things Id liek to see.

Also TOKEN SUPPORT is SO high on my list. I know I have mentioned it, but the possibilities for token support from the CD partition for use in SSO apps, windows token/smart card signon, and the ability to use it as a TrueCrypt token would seriously make my world, above everything else.

And let me just say to those out there thinking about the IK, read my above posts, and then read this: Over a year and running, I run my IK 9+ hours straight a day, and I carry it EVERYWHERE when not plugged in, in my pocket with keys, glasses, wallet, change, everything, and this thing really can take a hell of a beating. The mere fact it has stood up to the pure hours of use, and the beating in my pocket everyday is enough to justify this device cost even without the security benefits (which I dont mean to diminish in ANY way, they are fabulous.)

Drew, do you have a public beta program at all that I could get involved in (PM me if so). Also, is there any chance of getting ahold of an IK at a reduced cost just for pen testing? It could have a 2MB chip for all I care, I would just REALLY like to go through some deep testing at extracting and soft-breaking into the device, w/o jeopardizing my device!!!

 

CaixFang,

Great feedback (as always).

Can you explain this a little more? It should be storing everything on a "separate instance of desktop" that is on the drive, not your actual desktop.

Currently, we do not have any "non-device" interface for using the Identity Manager...so that would rule out your BlackBerry need. At least at this time.

Have you talked to our Technical Support team about your issues with Secure Sessions?

Are you also, on the IronKey Forum? If not, a lot of what you have posted here is great fuel for discussion amongst our users.

Regarding Betas, typically we run closed Betas, I do get a lot of Beta testers out of our Forum.

 

OK. Lost the cap. I look like a dork keeping a flash drive on my key chain. I can live with that, cause it's handy when I need it. But I look even more like a dork with a flash drive with no cap. Expensive to buy a new drive just for the cap.

I've tried a couple of caps from cheap giveaway drives, but they don't fit.

Any ideas?

 

Contact IronKey Customer Service.
customerservice@ironkey.com

They would be glad to help you out.

-Drew

 

well i hope its soon not ended up sumthg like this..
http://www.troublefixers.com/how-to-fix-please-insert-a-disk-into-drive-error-in-windows/#comment-4433