OiNK update

[Sylar666]

So I read Paine's blog? So how are we goin' Dudes? Do I have to talk to my Russian buddies to DDos IFPI?

[mrnobody]

irc://irc.xevion.net / #oink

Connect to the server and then register with nickserv before /joining. Vhosts are automatic on this network.

somebody please join this and keep us posted. i'm too old and stupid for irc.

i will try to keep us all updated but i am kinda doing my hw as well

this is what the title says...

Seriously, Don't PM us. | Oink is well and long back home, computers seized | Users no need to fear anything | Rest of staff @sleep | Have fun.

so now just gotta wait for awesome mods at OiNK to fix 'em

[Cheeseman1208]

http://dot-slash-csc.iblogger.org/oinkfaq.html

Found on the IRC before it was shut down....

[GoodOmens]

this is the first good news since the start of all this!
we need a place for current/old members to congregate but we will just have to wait!

Check out http://www.ohax.com/phpBB2/index.php ... its not mine but apparently has some real staff as mods.

[rvt]

Hate to rain on the feelgood parade, but a couple of points.

An interesting tibit dug up on torrentfreak:

a source has stated that the OiNK membership list was not only encrypted, but also equipped with a ’self-destruct’ type mechanism which relied on a regular signal to continue in ‘OFF’ mode.

Should be comforting to all the users^^

That source doesn't know too much about encryption.
If the entire table was encrypted, the server would need a copy of the decryption key (in public/private keypair encryption) or another method for decrypting the contents in order to operate. A webserver cannot perform magic and call up details without decrypting. The police have the server which means they have the decryption key/method and it'll take no time to get the plain text.

The self wiping database may be true, and may not be. The problem with requiring a regular 'signal' comes when there are problems on either end that result in the signal not arriving. Leaseweb have had their share of problems lately, with something like 50-60% packet loss in one of their datacenters. The loss of signal would cause a downtime and loss of some stats as the site would have to be rolled back to a backup database. If that has never happened, it's unlikely to be true.

Even if it is true, you have to consider data forensic methodology. When dealing with HDDs for evidentiary purposes, you never work on the HDD in the original machine. You never even boot from that HDD.
What the police teams will be doing is taking a copy of that drive before they do anything, then browsing the files with the drive attached as a non-booting slave. No cron jobs will run to wipe the database, no code will be running awaiting the 'signal', and all MySQL databases are copyable as files.
All they have to do is copy all the files from that HDD to a clean MySQL install and they can read everything at will.

The only thing that could save the data from being examined is if the users table was stored in a HEAP table (stored in memory). Even then, some data may have been written to disk as the table expands outside of memory allocation or is operated on with large join operations that would exceed available memory. In either case, data may be recoverable from disk.
It's unlikely the users table was stored only in memory though, as it means all data is lost on a power down or reset. Tables could be recovered from backups, but as the police have those anyway it kind of defeats the purpose of having it in memory only.

For the record, from Paine's blog:
Edit 2: This is an important one -- Your passwords do NOT need to be changed, they were stored as salted MD5 hashes. All the authorities have is the hashes. The only way they can get the original passwords is via brute force. The chances of that are slim to none if you followed standard good password practice.

Only if you follow good password procedure. If your password is kitten, it's likely to be broken in under 30 seconds.
The problem occurs because although password hashes are salted with a 'secret' key, the secret is stored alongside the hash. The MD5 hash of [secret]password[secret] is no harder to break in brute force than the MD5 of password, when you know what [secret] is. Because MD5 hashes are so quickly generated, if you used any regular word for your password a good dictionary attack will find it in seconds.


The thing that should give people hope is that nothing found on the server can in anyway be used in a real case against any members. It is impossible to say whether a user with certain stats listed in the database shared even one copyright file, or that they uploaded the amount listed in the database.
They may have filenames from the snatched table, but without having the exact file that was shared, the name of a file is not enough. I could share a file called starwars that was actually midget clown porn. Without a copy of that file, nobody can say it definately was or wasn't starwars that was shared.

All the talk of hunting down members is just BS on the part of the record industry, and they know it.

[embolism]

phew! wow!! half of that was over ma head..but then..it did relieve some worries

[AmpeD]

good to know rvt. and for the record all I dl'ed on oink was midget clown porn

[Gish]

this is a question and answer from the memorial forum!
------------------------------------------------------

<smartface> does the paypal account have any funds on it ATM?
<OiNK> it had some, and the account has been permanently limited
<friggy> you just get bailed for free?
<OiNK> yes
<smartface> did they actually question you?
<OiNK> of course, for hours
<sretsof> what was the stupidest question they asked?
<OiNK> the police had very limited technical knowledge, which made the interview quite amusing actually.
<OiNK> i wasn't willing to teach them how to use a computer
<OiNK> they actually wanted me to teach them how to set up a website
<OiNK> i just told them to google it.
<Xenafor> IS YOUR FATHER OKAY AS WELL? <OiNK> my father is fine.
<OiNK> my father was not arrested, though they did take his work laptop
<apelure> what does the carges about fraud mean?
<OiNK> i've not been charged ...
<Xenafor> Are you a vegetarian?
<OiNK> yes.
<knifeboy> Did they do the good cop/bad cop routine?
<OiNK> no
<Stormx2> Everyone is first and foremost concerned for you and everything, but at the back of our minds (I think) we're interested in what you think will happen the the pink palace. Obviously you won't have a starring roll, but will the backups be destroyed? <OiNK> why would backups be destroyed?
<smartface> have you become a millionarie with our donations?
<OiNK> no
<j2los> do you think at minimum the forums will be restored as a community for discussing music?
<OiNK> i don't know
<guildmast> Are there any plans for an official OiNK donations fund we can feel comfortable donating to?
<OiNK> not yet
<ftdrs> seriously though, what did they accuse you of?
<OiNK> conspiracy to defraud and copyright infringements
<maxdoubt> do you have/need legal representation?
<OiNK> i'm still deciding on legal advice
<Kevix> did you have any warning before hand that the knock opn your door was coming?
<OiNK> no
<smartface> are you planned for a trial anytime soon? <OiNK> the earliest date for trial is 26th december - though highly unlikely
<Yawg> did you anticipate a raid in the past? Did you take any precautions regarding site design and logs and whatnot to protect the community?
<OiNK> the logs we store aren't enough to inciminate users
<Gl1mw0rm> are you still the rigtfull owner of the oink.cd domain?
<OiNK> unclear
<Barth> what about the recent security/privacy changes to the site and the irc? was that a coincidence or did you see something coming?
<OiNK> coincidence
<j2los> do you think it is absurd that only now that the site has been taken down has it been deemed notable enough for a wikipedia article?
<OiNK> i found that amusing, yes
<OiNK> i'm glad the article is staying neutral
<midnightgt> (without incriminating anyone) is there any copy of the source anywhere? Would you be in support of a second coming of the website? How do you think this reflects on the war on file sharing? (Certainly I do not feel like we are losing)
<OiNK> sorry, no comment
<lhnz> Why exactly did the cops want you to make a website for them?
<OiNK> not sure
<csc> so, do the cops know you're here?
<OiNK> dunno
<ATF> did you get fired from work?
<OiNK> yes
<gleam> do you think you or anyone else will ever hear from tmt again?
<OiNK> no
<MooIsTooWrong> do you think most of the people in this
channel are asking asshat questions?
<OiNK> yes
<uQ1> What grounds did your work fire you?
<OiNK> i'm not going to go into that, sorry.

[Ghost+Rider]

Hate to rain on the feelgood parade, but a couple of points.



That source doesn't know too much about encryption.
If the entire table was encrypted, the server would need a copy of the decryption key (in public/private keypair encryption) or another method for decrypting the contents in order to operate. A webserver cannot perform magic and call up details without decrypting. The police have the server which means they have the decryption key/method and it'll take no time to get the plain text.

The self wiping database may be true, and may not be. The problem with requiring a regular 'signal' comes when there are problems on either end that result in the signal not arriving. Leaseweb have had their share of problems lately, with something like 50-60% packet loss in one of their datacenters. The loss of signal would cause a downtime and loss of some stats as the site would have to be rolled back to a backup database. If that has never happened, it's unlikely to be true.

Even if it is true, you have to consider data forensic methodology. When dealing with HDDs for evidentiary purposes, you never work on the HDD in the original machine. You never even boot from that HDD.
What the police teams will be doing is taking a copy of that drive before they do anything, then browsing the files with the drive attached as a non-booting slave. No cron jobs will run to wipe the database, no code will be running awaiting the 'signal', and all MySQL databases are copyable as files.
All they have to do is copy all the files from that HDD to a clean MySQL install and they can read everything at will.

The only thing that could save the data from being examined is if the users table was stored in a HEAP table (stored in memory). Even then, some data may have been written to disk as the table expands outside of memory allocation or is operated on with large join operations that would exceed available memory. In either case, data may be recoverable from disk.
It's unlikely the users table was stored only in memory though, as it means all data is lost on a power down or reset. Tables could be recovered from backups, but as the police have those anyway it kind of defeats the purpose of having it in memory only.

For the record, from Paine's blog:
Edit 2: This is an important one -- Your passwords do NOT need to be changed, they were stored as salted MD5 hashes. All the authorities have is the hashes. The only way they can get the original passwords is via brute force. The chances of that are slim to none if you followed standard good password practice.

Only if you follow good password procedure. If your password is kitten, it's likely to be broken in under 30 seconds.
The problem occurs because although password hashes are salted with a 'secret' key, the secret is stored alongside the hash. The MD5 hash of [secret]password[secret] is no harder to break in brute force than the MD5 of password, when you know what [secret] is. Because MD5 hashes are so quickly generated, if you used any regular word for your password a good dictionary attack will find it in seconds.


The thing that should give people hope is that nothing found on the server can in anyway be used in a real case against any members. It is impossible to say whether a user with certain stats listed in the database shared even one copyright file, or that they uploaded the amount listed in the database.
They may have filenames from the snatched table, but without having the exact file that was shared, the name of a file is not enough. I could share a file called starwars that was actually midget clown porn. Without a copy of that file, nobody can say it definately was or wasn't starwars that was shared.

All the talk of hunting down members is just BS on the part of the record industry, and they know it.

Fuck we are taking all this shit so serious!
Password recovery/hashes Are we Another terrorist group planning to hijack some plane or wtf

Oh forgive the police wud never go after terrorsits cuz they have millions of pirates to be put behind bars

[mrnobody]

good to know rvt. and for the record all I dl'ed on oink was midget clown porn

they don't have porn there lol

Fuck we are taking all this shit so serious!
Password recovery/hashes Are we Another terrorist group planning to hijack some plane or wtf

Oh forgive the police wud never go after terrorsits cuz they have millions of pirates to be put behind bars

can't agree more