All the latest UK technology news, reviews and analysis

Adobe DoS vulnerability exposed

by James Middleton

15 Jul 2002

Be the first to comment

  • Tweet this

Elcomsoft, the Russian company facing criminal charges for the creation of tools to circumvent Adobe's eBook software, has published details of further holes in Adobe's products.

On Friday the firm - which employs programmer Dmitri Sklyarov, who was at the heart of the investigation into Elcomsoft's breach of the Digital Millennium Copyright Act (DMCA) - posted details of yet more vulnerabilities in the eBook software.

Elcomsoft made postings to the BugTraq and Vuln-dev security mailing lists without notifying Adobe first.

"Some time ago we found much more serious problems with another [piece of] Adobe software and reported it to the vendor; however, there was no response at all, so we decided not to waste our time reporting this one [the problem with the library] to Adobe," the company said.

In the postings Vladimir Katalov, managing director of Elcomsoft, released methods of breaking security features on Adobe's eBook Library system.

The eBook Library is designed to be a secure repository for eBooks and allows users to 'borrow' titles for a specified number of days. Working just like a real library, other users cannot borrow the same book until the lease period is up.

But Katalov identified a method of borrowing all the books in the library for an unlimited time period, effectively a denial of service (DoS) attack against the eBook Library.

"It is very easy to implement something like a "denial of service" attack for the library: just get all copies of all books from the library so ... no books will be available to anybody else. Besides, there is ability to borrow the books for unlimited time," said Katalov.

The attacks can also be carried out by modifying scripts on the eBook Library website, meaning that no special tools are needed.

Two months ago a federal judge denied Elcomsoft's request to dismiss charges against it for breaching the DMCA, meaning the company now faces a criminal trial for its previous actions.

Do you agree?

 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.

Poll

The workplace of the future poll - in association with IBM

What will be the biggest change to corporate technology in the future?

89%

6%

1%

3%

1%

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Riso

Colour printing: why the bill keeps outstripping the budget

The wrong printers, for the wrong tasks on the wrong contracts

Qlikview

Magic quadrant for business intelligence platforms

Who leads the BI pack and who should we be watching out for?

Web Content Editor / Junior Web Designer-Yorkshire

HTML, CSS, Flash - Web Content Editor - Photoshop, Dreamweaver...

Bio Mass Programme Manager/Engineering/Supply Chain

Biomass Programme Manager/Engineering/Supply Chain/Heavy...

Head of Compliance

Head of Compliance My client is currently seeking...

Financial Reporting

THis role is working for a multi national Financial organisation...

Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.

To send to more than one email address, simply separate each address with a comma.