Adobe DoS vulnerability exposed

Elcomsoft finds more eBook failings

James Middleton, vnunet.com 15 Jul 2002

Elcomsoft, the Russian company facing criminal charges for the creation of tools to circumvent Adobe's eBook software, has published details of further holes in Adobe's products.

On Friday the firm - which employs programmer Dmitri Sklyarov, who was at the heart of the investigation into Elcomsoft's breach of the Digital Millennium Copyright Act (DMCA) - posted details of yet more vulnerabilities in the eBook software.

Elcomsoft made postings to the BugTraq and Vuln-dev security mailing lists without notifying Adobe first.

"Some time ago we found much more serious problems with another [piece of] Adobe software and reported it to the vendor; however, there was no response at all, so we decided not to waste our time reporting this one [the problem with the library] to Adobe," the company said.

In the postings Vladimir Katalov, managing director of Elcomsoft, released methods of breaking security features on Adobe's eBook Library system.

The eBook Library is designed to be a secure repository for eBooks and allows users to 'borrow' titles for a specified number of days. Working just like a real library, other users cannot borrow the same book until the lease period is up.

But Katalov identified a method of borrowing all the books in the library for an unlimited time period, effectively a denial of service (DoS) attack against the eBook Library.

"It is very easy to implement something like a 'denial of service' attack for the library: just get all copies of all books from the library so ... no books will be available to anybody else. Besides, there is ability to borrow the books for unlimited time," said Katalov.

The attacks can also be carried out by modifying scripts on the eBook Library website, meaning that no special tools are needed.

Two months ago a federal judge denied Elcomsoft's request to dismiss charges against it for breaching the DMCA, meaning the company now faces a criminal trial for its previous actions.

See also:

Elcomsoft pokes more holes into beleaguered platform  23 Jul 2002
Bugtraq users cry foul  18 Jul 2002
Elcomsoft fails to get copyright infringement case dropped  09 May 2002
Russian company faces $2.25m fine if found guilty  29 Jan 2002
2001: A Hacker's Odyssey  16 Jan 2002
Sklyarov is offered freedom in exchange for testifying against his employer  14 Dec 2001
