Blog | News | Jobs
News centre
KnowledgeBANK
More from vnunet.com
ADVERTISEMENT

Adobe DoS vulnerability exposed

Elcomsoft finds more eBook failings

By James Middleton 15 Jul 2002

Elcomsoft, the Russian company facing criminal charges for the creation of tools to circumvent Adobe's eBook software, has published details of further holes in Adobe's products.

On Friday the firm - which employs programmer Dmitri Sklyarov, who was at the heart of the investigation into Elcomsoft's breach of the Digital Millennium Copyright Act (DMCA) - posted details of yet more vulnerabilities in the eBook software.

Elcomsoft made postings to the BugTraq and Vuln-dev security mailing lists without notifying Adobe first.

"Some time ago we found much more serious problems with another [piece of] Adobe software and reported it to the vendor; however, there was no response at all, so we decided not to waste our time reporting this one [the problem with the library] to Adobe," the company said.

In the postings Vladimir Katalov, managing director of Elcomsoft, released methods of breaking security features on Adobe's eBook Library system.

The eBook Library is designed to be a secure repository for eBooks and allows users to 'borrow' titles for a specified number of days. Working just like a real library, other users cannot borrow the same book until the lease period is up.

But Katalov identified a method of borrowing all the books in the library for an unlimited time period, effectively a denial of service (DoS) attack against the eBook Library.

"It is very easy to implement something like a "denial of service" attack for the library: just get all copies of all books from the library so ... no books will be available to anybody else. Besides, there is ability to borrow the books for unlimited time," said Katalov.

The attacks can also be carried out by modifying scripts on the eBook Library website, meaning that no special tools are needed.

Two months ago a federal judge denied Elcomsoft's request to dismiss charges against it for breaching the DMCA, meaning the company now faces a criminal trial for its previous actions.

See also:

Adobe slammed over ebook security ... again
Elcomsoft pokes more holes into beleaguered platform  23 Jul 2002
Symantec snaps up SecurityFocus
Bugtraq users cry foul  18 Jul 2002
Skylarov employer faces criminal charges
Elcomsoft fails to get copyright infringement case dropped  09 May 2002
ElcomSoft wants copyright case dismissed
Russian company faces $2.25m fine if found guilty  29 Jan 2002
Hacking
2001: A Hacker's Odyssey  16 Jan 2002
sklyarov
Dmitri deal is struck
Skylarov is offered freedom in exchange for testifying against his employer  14 Dec 2001

All Hacking

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story
RELATED ARTICLES

Other websites
Accountancy Age
Active Home
Best Practice
Computeractive
Computing
CRN
Financial Director
Information World Review
Management Consultancy
Personal Computer World
vnunet.com
Useful links: About us . Privacy policy . Terms & conditions . Advertise
UK Subscriptions
Overseas Subscriptions
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503