Adobe slammed over ebook security ... again

Russian firm Elcomsoft, currently facing criminal charges for releasing tools to circumvent copyright restrictions on eBook software, has intensified its attack on Adobe.

Firing a second shot across the bows in as many weeks, Elcomsoft released yet more details of how to beat the security on Adobe's eBooks.

Claiming to have alerted Adobe to the flaw, but having received no response, the Russian firm yesterday posted full disclosure of the glitch on the Bugtraq mailing list.

According to Vladimir Katalov, managing director of Elcomsoft, simply backing up a number of library files and 'voucher' files will allow users to consistently roll back the eBook application and lend out unlimited copies of any eBooks they possess.

The whole point of eBooks is that they are designed so that they cannot be copied. Instead they can be electronically 'lent' or 'borrowed', but only by one person at a time.

Adobe has been pushing its eBook Library software recently as a digital alternative to the real thing, but Elcomsoft has repeatedly poked holes in the system.

Following the release of this week's flaw, Katalov said: "The owner of the book can copy/print [an] unlimited number of portions of the book, ignoring the limitations set by the publisher. It is also possible to create multiple copies of any book."

Elcomsoft's recent hammering of the eBook software indicates that the company has a grudge against Adobe following the arrest of Elcomsoft employee Dmitri Sklyarov last summer. Sklyarov was arrested for creating software that exploited inherent vulnerabilities in the eBook software, a breach of copyright law.

Public pressure forced Adobe to drop the charges against Sklyarov and instead bring his employer to book.

"It is not very hard to implement a workaround by keeping and validating the checksum or digital signature of the whole vouchers file," said Katalov of the vulnerability.

"For that, however, both Adobe Acrobat eBook Reader and Adobe Content Server should be seriously updated."

See also:

Hackers push law to limit

DefCon delegate demonstrates copyright-breaking tech  06 Aug 2002

Skylarov employer faces criminal charges

Elcomsoft fails to get copyright infringement case dropped  09 May 2002

Hacking

2001: A Hacker's Odyssey  16 Jan 2002

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!