R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com
ADVERTISEMENT

Adobe DoS vulnerability exposed

Elcomsoft finds more eBook failings

James Middleton, vnunet.com 15 Jul 2002
ADVERTISEMENT

Elcomsoft, the Russian company facing criminal charges for the creation of tools to circumvent Adobe's eBook software, has published details of further holes in Adobe's products.

On Friday the firm - which employs programmer Dmitri Sklyarov, who was at the heart of the investigation into Elcomsoft's breach of the Digital Millennium Copyright Act (DMCA) - posted details of yet more vulnerabilities in the eBook software.

Elcomsoft made postings to the BugTraq and Vuln-dev security mailing lists without notifying Adobe first.

"Some time ago we found much more serious problems with another [piece of] Adobe software and reported it to the vendor; however, there was no response at all, so we decided not to waste our time reporting this one [the problem with the library] to Adobe," the company said.

In the postings Vladimir Katalov, managing director of Elcomsoft, released methods of breaking security features on Adobe's eBook Library system.

The eBook Library is designed to be a secure repository for eBooks and allows users to 'borrow' titles for a specified number of days. Working just like a real library, other users cannot borrow the same book until the lease period is up.

But Katalov identified a method of borrowing all the books in the library for an unlimited time period, effectively a denial of service (DoS) attack against the eBook Library.

"It is very easy to implement something like a "denial of service" attack for the library: just get all copies of all books from the library so ... no books will be available to anybody else. Besides, there is ability to borrow the books for unlimited time," said Katalov.

The attacks can also be carried out by modifying scripts on the eBook Library website, meaning that no special tools are needed.

Two months ago a federal judge denied Elcomsoft's request to dismiss charges against it for breaching the DMCA, meaning the company now faces a criminal trial for its previous actions.

See also:

Adobe slammed over ebook security ... again
Elcomsoft pokes more holes into beleaguered platform  23 Jul 2002
Symantec snaps up SecurityFocus
Bugtraq users cry foul  18 Jul 2002
Skylarov employer faces criminal charges
Elcomsoft fails to get copyright infringement case dropped  09 May 2002
ElcomSoft wants copyright case dismissed
Russian company faces $2.25m fine if found guilty  29 Jan 2002
Hacking
2001: A Hacker's Odyssey  16 Jan 2002
sklyarov
Dmitri deal is struck
Skylarov is offered freedom in exchange for testifying against his employer  14 Dec 2001

All Hacking

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
EA Integrator
Reading, Berkshire, United Kingdom | EDS
Position - EA Integrator Location - Reading Job Description: A skilled System Integrator to integrate application Test Harnesses to support business requirements. The Candidate will possess specific experience of enterprise systems, component validation and integrating ... more >
Analyst - Network & Telecoms
(Poole, Bournemouth, Dorset, Hampshire), United Kingdom | RNLI
Analyst - Network & Telecoms - £35,000+ - Poole, Bournemouth, Dorset, Hampshire Our data and voice network team's impact on the organisation is considerable. And with something in the region of 5,000 direct users connected ... more >
Technology and Systems Consulting Event
London, United Kingdom | Deloitte
Technology and Systems Consulting Event - LondonWith the right balance, you'll achieve great things. Join our Consulting practice and have the opportunity to balance your technical and business consulting skills to bring out the best ... more >
Communications Centre Engineer
Central London, United Kingdom | MI5 Security Service
Communications Centre Engineer - Competitive salaries + excellent benefits - Central London Getting the best out of technology is critical to helping us protect the UK. Join MI5 and use your skills and experience to ... more >
More job opportunities
Accountancy Age
Active Home
Best Practice
Computeractive
Computing
Computing Business
CRN
Financial Director
Infomatics
Information World Review
IT Week
Management Consultancy
Network IT Week
Personal Computer World
PC Magazine
VNU Web seminars
vnunet.com
Webactive
What PC?
Useful links: About vnu network | Privacy policy | Terms & conditions
Access keys | Top of page | Feedback
VNU Business Publications
© 1995-2008 All rights reserved
VNU Business Publications Ltd., 32-34 Broadwick Street, London, W1A 2HG, is a company registered in England and Wales with company number 01513633
part of part of vnu.net europe