Hate to rain on the feelgood parade, but a couple of points.
That source doesn't know too much about encryption.
If the entire table was encrypted, the server would need a copy of the decryption key (in public/private keypair encryption) or another method for decrypting the contents in order to operate. A webserver cannot perform magic and call up details without decrypting. The police have the server which means they have the decryption key/method and it'll take no time to get the plain text.
The self wiping database may be true, and may not be. The problem with requiring a regular 'signal' comes when there are problems on either end that result in the signal not arriving. Leaseweb have had their share of problems lately, with something like 50-60% packet loss in one of their datacenters. The loss of signal would cause a downtime and loss of some stats as the site would have to be rolled back to a backup database. If that has never happened, it's unlikely to be true.
Even if it is true, you have to consider data forensic methodology. When dealing with HDDs for evidentiary purposes, you never work on the HDD in the original machine. You never even boot from that HDD.
What the police teams will be doing is taking a copy of that drive before they do anything, then browsing the files with the drive attached as a non-booting slave. No cron jobs will run to wipe the database, no code will be running awaiting the 'signal', and all MySQL databases are copyable as files.
All they have to do is copy all the files from that HDD to a clean MySQL install and they can read everything at will.
The only thing that could save the data from being examined is if the users table was stored in a HEAP table (stored in memory). Even then, some data may have been written to disk as the table expands outside of memory allocation or is operated on with large join operations that would exceed available memory. In either case, data may be recoverable from disk.
It's unlikely the users table was stored only in memory though, as it means all data is lost on a power down or reset. Tables could be recovered from backups, but as the police have those anyway it kind of defeats the purpose of having it in memory only.
Originally Posted by
Sylar666
For the record, from Paine's blog:
Edit 2: This is an important one -- Your passwords do NOT need to be changed, they were stored as salted MD5 hashes. All the authorities have is the hashes. The only way they can get the original passwords is via brute force. The chances of that are slim to none if you followed standard good password practice.
Only if you follow good password procedure. If your password is kitten, it's likely to be broken in under 30 seconds.
The problem occurs because although password hashes are salted with a 'secret' key, the secret is stored alongside the hash. The MD5 hash of [secret]password[secret] is no harder to break in brute force than the MD5 of password, when you know what [secret] is. Because MD5 hashes are so quickly generated, if you used any regular word for your password a good dictionary attack will find it in seconds.
The thing that should give people hope is that nothing found on the server can in anyway be used in a real case against any members. It is impossible to say whether a user with certain stats listed in the database shared even one copyright file, or that they uploaded the amount listed in the database.
They may have filenames from the snatched table, but without having the exact file that was shared, the name of a file is not enough. I could share a file called starwars that was actually midget clown porn. Without a copy of that file, nobody can say it definately was or wasn't starwars that was shared.
All the talk of hunting down members is just BS on the part of the record industry, and they know it.
Bookmarks