ZDNet UK / News and Analysis / Application Development

Elcomsoft bypasses Adobe with bug report

By Matt Loney, ZDNet.co.uk, 22 July, 2002 15:22

Daily Newsletters

Sign up to ZDNet UK's daily newsletter.

Topics

DMCA, elcomsoft, adobe content server 3.0, organization for internet safety, Bug

NEWS
The Russian company that discovered a crack in Adobe's eBook software has spurned common practice by going public with a hole it found in Adobe Content Server 3.0 rather than reporting the bug to the US software company first. Elcomsoft's decision was prompted by previous bad experiences with Adobe. At the end of a description of the vulnerability, which was posted on BugTraq, Elcomsoft's Vladimir Katalov said; "Some time ago we have found much more serious problem with another Adobe software and reported it to the vendor; however, there was no response at all, and so we decided not to waste our time reporting this one (about the library) to Adobe." Elcomsoft leapt to fame when one of its developers, Dmitry Sklyarov, was arrested last year during a Las Vegas security convention after giving a speech about the company's new Advanced eBook Processor software. Processor cracked the encryption on Adobe Systems' eBooks software, and is not illegal under Russian law. But because the software had briefly been for sale on the Internet, Adobe urged US authorities to arrest Sklyarov under the controversial DMCA legislation, which makes it illegal to develop technology that circumvents copyright locks. The latest flaw discovered in Adobe software by Elcomsoft allows a visitor to implement something similar to a denial of service attack against a Web site set up by Adobe to demonstrate the new library features of Adobe Content Server 3.0. Adobe has placed several books in the library, with five copies of each available for download. But, according to Katalov, there are three vulnerabilities: it is possible for one person to get all available copies of a single book; the loan period is not verified, and when the counter reaches zero the Library still allows a copy of the book to be added to the "bookbag". "By combining (these) bugs, it is very easy to implement something like Denial-of-service attack for the library," wrote Katalov in his warning. "Just get all copies of all books from the library (for very large period of time -- e.g. a few years). So no books will be available to anybody else." Katalov added a fix to his posting for the bug, and at the time of writing Adobe appeared to have applied the fix. An Adobe spokesperson said in a statement that the company would evaluate the report but would would not discuss the measures it takes as a result. "Security is an ongoing effort," she said. "We are committed to strengthening the security of our products by using sophisticated, industry-standard levels of software encryption and working with the software community, including 'White Hat' security experts, to incorporate features to advance the quality of our products. However, no software is 100 percent secure from determined hackers. Earlier this year a group of software companies met to hammer out the last details of an initiative to set guidelines for reporting software flaws that affect Internet security. The Organization for Internet Safety sprung from discussions between Microsoft and a handful of security companies on the responsible reporting of software bugs, known as vulnerabilities, that affect a business' security. Delaying the disclosure of vulnerabilities and urging legitimate researchers to allow software makers time to fix software problems before they're made public could play a large role in limiting the effect of newly discovered vulnerabilities in software products, said the group.
See the Software News Section for the latest headlines on everything from peer to peer clients to Office software and beyond. Have your say instantly, and see what others have said. Go to the ZDNet news forum. Let the editors know what you think in the Mailroom.

Related stories

Group to set bug-reporting standards

Russian programmer out on bail

London protesters slam US copyright laws

Perens: Linux could learn from Apple

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your ZDNet UK account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

Get ZDNet UK's daily newsletter

Enter your email address to sign up

ZDNet UK Live

TerryRK

Isn't the provision of a text based search an admission by the developers that the mass of icons approach does not work? I don't need to use a...

38 minutes ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
kevinmchapman

"Unity and GNOME 3 both abandon the old text-based cascading menus in favour of a graphical icon-driven system." Point truly missed. Both use a...

1 hour ago by kevinmchapman on A tale of two distros: Ubuntu and Linux Mint
TerryRK

whs001 - Thank you, I'm glad you liked the article. I absolutely agree with you on your first point. I should perhaps have made it clearer that...

1 hour ago by TerryRK on A tale of two distros: Ubuntu and Linux Mint
Dennis Nilsson

If we allow corporate interest to dictate the way our government circumvents due process against foreign entities then we should accept the same...

2 hours ago by Dennis Nilsson via Facebook on ACTA stumbles in Germany
GHar123

I totally dislike pirating of works, I fear that artists will be deterred from creating works if they think that they are going to get ripped off....

4 hours ago by GHar123 on ACTA stumbles in Germany
JCB33

How dare film makers, artists or anybody that invests in creativity stop us pirating their works for free. I want to be able to walk into my local...

10 hours ago by JCB33 on ACTA stumbles in Germany
Moley

@GrueMaster. I prefer horses for courses rather than one size fits all. I, and I suspect most other computer users, do not really wish to have...

12 hours ago by Moley on A tale of two distros: Ubuntu and Linux Mint
greycynic

The product that scares me every time I have to use it is the Office 2007 version of Excel. The first bug that I found was applying the median...

12 hours ago by greycynic on Ten flawed products that derail productivity
GrueMaster

Nice review and very informative. One thing I'd like to add (in reply to whs001's 1st question), the main reason to have the same interface from...

13 hours ago by GrueMaster on A tale of two distros: Ubuntu and Linux Mint
Frederick Wrigley

I'be been using Mint 12 since the RC came out, and I am far more happy with the Cinnamon, the Mate, and, yes (with extensions), theGnome 3...

14 hours ago by Frederick Wrigley via Facebook on A tale of two distros: Ubuntu and Linux Mint
bdantas

Excellent article. One small correction, though--although a fresh installation of Linux Mint 12 will, indeed, provide the user with a version of...

15 hours ago by bdantas on A tale of two distros: Ubuntu and Linux Mint
Alan Ralph

In related news, the ISPs club together to get the members of the Home Affairs Select Committee (ya goofed on that part, ZDNet UK) copies of "The...

15 hours ago by Alan Ralph via Facebook on MPs urge ISPs to take down terrorist material
Alan Ralph

In related news, the ISPs club together to get the members of the Home Affairs Select Committee (ya goofed on that part, ZDNet UK) copies of "The...

15 hours ago by Alan Ralph via Facebook on MPs urge ISPs to take down terrorist material
Moley

For Gnome 2 die-hards, it is possible to add icons to the bottom panel (or top top panel, if you prefer) which provide the exact Gnome 2...

16 hours ago by Moley on A tale of two distros: Ubuntu and Linux Mint
ramwellian

Your comments would seem pretty naive and immature. Your 'solution' appears to be, "gee, let's all just give in to the hackers and give them...

16 hours ago by ramwellian on Cloud computing security: no more oxymoron?
BugStalker

"Interesting thought ... If you installed Win7 as a dual boot on a machine that previously only had Linux, and it wrecked your Linux installation,...

17 hours ago by BugStalker on Windows 7 Declares War on GRUB
whs001

This is an excellent summary of Ubuntu and Mint and the interface differences between them. Most such articles take a very partisan position for...

17 hours ago by whs001 on A tale of two distros: Ubuntu and Linux Mint
Moley

@ewallace. Not so clear. Anyone can obtain the text, for example from here http://www.ustr.gov/webfm_send/2379. I support ACTA so long as it and...

17 hours ago by Moley on ACTA: Facts, misconceptions and questions
45283

I think WinRT is fantastic. I just wish it was an option for people that didn't want to go through Microsoft's App Store with its attendant...

20 hours ago by 45283 on Why Windows 8 needs architectural hygiene for WOA
Burn-IT

Nine people? £30m? Who's back pocket is that lot going in? And IF they say it is for new buildings, what about all the ones the government has...

21 hours ago by Burn-IT on Police set to launch three £30m e-crime hubs

Latest in Application Development

Perens: Linux could learn from Apple

Featured white papers

The Relevance of Cloud Infrastructure to Enterprise Challenges

SAVVIS

The Relevance of Cloud Infrastructure to Enterprise Challenges

This white paper reviews the evolution of data center outsourcing, and introduces cloud offerings within this historical... Read more

Use product development for competitive advantage

IBM

Use product development for competitive advantage

Remember when MP3 players just played music? Today, consumers want players that can host music, stream video,... Read more

Open-source software deployments for enterprise IT success

Progress Software

Open-source software deployments for enterprise IT success

Wikipedia identifies open source as "enabling a self-enhancing diversity of production models, communication paths... Read more

Inside ZDNet UK

A tale of two distros: Ubuntu and Linux Mint

A tale of two distros: Ubuntu and Linux Mint

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

2012 Predictions: VCE FastPath, VI SAN Probe & Hadoop

BlackBerry Bold 9790

BlackBerry Bold 9790

How to handle data replication

How to handle data replication

Ten factors that make Ubuntu 11.10 a hit

Ten factors that make Ubuntu 11.10 a hit

Toshiba Portégé Z830-10P Review

Toshiba Portégé Z830-10P Review

BT's archive: Pictures from the vault

BT's archive: Pictures from the vault