More EBook Hacking Tricks From Embattled Elcomsoft
Brian McWilliams, SecurityFocus 2002-07-12

Russian software company says Adobe's copy protection system is built from clay and straw.

Just weeks before its landmark trial for violating digital copyright law is set to begin, Russia-based Elcomsoft has publicly exposed new security flaws in Adobe Systems' digital book product.

Elcomsoft released an advisory Friday describing several ways to defeat security features in the Adobe eBook Library -- an Adobe Systems Web site promoting the company's Adobe Content Server, a system for distributing digital books.

According to Elcomsoft managing director Vladimir Katalov, security features in the eBook Library site can easily be circumvented, allowing visitors to download and read copyright-protected eBooks without specified restrictions.

The Elcomsoft advisory comes almost exactly one year after the arrest of Elcomsoft programmer Dmitry Sklyarov at the Defcon hacker convention in Las Vegas.

On July 11, 2001, Elcomsoft and Sklyarov were charged by the U.S. government with publishing a program that allowed users to disable copyright protections on documents in Adobe's eBook format. The subsequent indictment was the first brought under the 1998 Digital Millennium Copyright Act (DMCA), according to the Department of Justice.

In its new advisory, Elcomsoft said the eBook Library contained three "bugs/vulnerabilities" that could allow visitors to simply bypass security features, such as a setting designed to make eBooks unreadable after a specified period of time. The security flaws could also enable a malicious user to prevent other visitors from accessing eBooks in the library, Elcomsoft said.

Adobe Evaluating Bugs
An Adobe representative said Friday that the firm would evaluate Elcomsoft's security report, but could not discuss any measures it might take as a result. The official said the company frequently works with "the software community, including 'White Hat' security experts," to improve the security of its products.

The Adobe representative noted that the software firm has never brought litigation against Sklyarov or Elcomsoft.

However, Elcomsoft's prosecution was launched after Adobe sent Elcomsoft an e-mail on June 25th, 2001, warning that the company's Advanced eBook Processor program constituted contributory copyright infringement. According to Adobe's e-mail, a copy of which was posted to an Internet newsgroup by Elcomsoft, the program was "a matter of great concern and will be pursued aggressively by Adobe Systems."

Prosecutors dropped charges against Sklyarov last year, but the case against Elcomsoft is ongoing. A trial-setting hearing is slated for August 26th in federal court in San Jose, California.

According to Adobe's site, the Adobe Content Server is a digital publishing system for protecting, managing, and distributing eBooks and electronic documents. The company said the product "ensures the highest standard of security and rights management."
