FileOpen are wankers Just for fun, here's what happened when I tried to view the DRM-protected PDF mentioned. So I pop the CD in my handy WinBox, navigate to the PDF file, and it opens Adobe Reader.
Unfortunately no PDF appears. Instead I get the following ominous-looking message: Click the Yes button. It opens IE, not my default browser. After a series of browser redirects that possibly starts at the Adobe site, it eventually settles down. Umm, exsqueeze me?
Baking powder? A sphincter downloads what?
I don't care if they did manage to somehow get a redirect from Adobe, there's no way I'm downloading anything from some anonymous IP address and sticking it on my pristine computer. Even IE, bless its heart, is warning me not to do it. So the point here is to ridicule the wankers from the corporation, who are apparently the authors of this plugin and the perpetrators of this nonsense. Thanks guys, and may the popups of a thousand different Spyware variants infest your WINDOWS/SYSTEM32 directories.
(It should be pointed out that Sybex do provide an installer for the plugin on the CD.). As you note, the CD contains an installer. That's the one you'd want to use, since only the Sybex installer will let you open the files on the Sybex CD.
And only Adobe can explain why the Acrobat plug-in finder launched IE, rather than some other browser. Obviously that isn't our doing (you didn't yet have any of our code on your machine). Our installers are signed with Authenticode, and the anonymous IP is only because we hadn't yet transferred the fileopen.com domain to that IP. We provide the ActiveX only as a convenience; nobody has to run it, and it doesn't do any spying.
We have a message about that at Good luck with your blog, anyway. So are you telling me that even if I do the unthinkable and download your plugin from some anonymous IP address it won't even work with the PDFs on the Sybex CD? Sheesh, do you guys like pissing off your users or what? Do you understand why I first opened the PDF in Acrobat instead of using the Sybex installer? It's because I (more or less) trust my copy of Acrobat more than I trust any software on the Sybex CD. Can I take it from your dog-ate-my-homework excuse that you accept that downloads from anonymous IP addresses are bad?
Looking at the screenshot above there is no way to tell whether I am downloading from the intended source or not, and hence the trustworthiness of the download is severely in question. The privacy message is meaningless - there is no way for me to associate that message with the software being downloaded. But I don't care about whether or not I can trust your software. It's the global effects that I'm worried about. When supposedly reputable companies start distributing their software in this way, and it becomes acceptable practice to download from anonymous IP addresses, it lowers the barrier to entry for all the malware authors trying to get their crap onto our desktops.
FileOpen Systems produces software used by publishers to control their content. We don't, and in fact can't, give users permission to open files; only the publishers can do that. Our plugin is necessary but not sufficient to open Sybex's files, you also need to run their installer (or you can run only their installer - there's no requirement that you go to our site first). I do agree with you that it is bad form, and frankly a bit lame, that our installer is at an IP address. The whole browser-install system is new, as I mentioned; we're fixing that now.
Matt If you manage to finally get FileOpen working then let me know and I shall send you an email of a company that sells PDF conversion tools that remove the FileOpen DRM controls. This is not some hacking tool (I am not into that) but a legitimate company that converts PDF documents to other formats (so as long as you can get the fileopen plug-in working then once the file is decrypted then you can extract whatever you want from it). I can't understand why anyone purchases this product. Not only is it a pain in the ass for users to install but it does not seem to provide any security anyway. Maybe companies enjoy giving their customers a lot of pain for no reason whatsoever. I got LD Convertor to work for me.
I guess it depends on what version of the plug-in you are using and what version of Publisher is used. I have found there are quite a few ways to get around Fileopen including converting back to PDF without any restrictions. I think a LOT of companies have wasted their money on this product. It is not even if you have to try and crack Fileopen since simple utilities just get around all of the controls. Fileopen can be easily broken without any effort.
Fileopen might be bad news for a publisher but it is great news for me and other users who did not want any controls on their PDF files to begin with.
This paper explains how to bypass Adobe PDF Security using a Mac computer. “Adobe’s PDF protection scheme is a classic example of security through obscurity. They encrypt the content of a PDF file and hope that no one figures out how to decrypt it.” This paper explains how Adobe encrypts PDF files. This paper explains the current pitfalls of PDF security. If the PDF security solution you decide on can be circumvented by simple means, or is complex to setup and use then you might want to look elsewhere. If you think PDF plug-ins can’t compromise your security then perhaps you should read this. This paper covers the security analysis of the PDF format and malware attacks.
It shows why it is essential that JavaScript is disabled in Acrobat if you want to protect yourself against malware attacks. This paper discusses the flaws in the Acrobat Standard Security handler. So how do you protect yourself from PDF security attacks? This article explains how adopting an acceptable usage policy and disabling JavaScript can help.
This paper makes a survey on main e-book standards, application architectures and security mechanisms. The security strength and weakness of the investigated e-book systems are analyzed and presented. Adobe has been plagued with poor implementations of DRM security for PDF files and EPUB ebooks and reports of spying on user activity. In 2009 Adobe Digital Editions DRM was broken by i♥cabbages allowing users to remove the DRM protection from Adobe ebooks – “There is very little obfuscation in how Adobe Digital Editions hides and encrypts the per-user RSA key, allowing fairly simple duplication of exactly the same process Digital Editions uses to retrieve it.”. Adobe announced a strengthening of their DRM system in 2014 but there are many companies claiming to easily remove Adobe Digital Editions DRM. Whilst most people know that is trivial using freely available PDF password cracking tools, you may not know that standard Google applications also provide this functionality.
The reason PDF restrictions password removal is so simple is that Adobe relies on the honor system for PDF password security (i.e. Please obey the restrictions placed on this document). How to print a password protected PDF or permanently remove print restrictions with Google Drive.
How to permanently remove PDF passwords using Google Chrome. Adobe Acrobat PDF Security Vulnerabilities – 2015-2017 Adobe Reader updates have been made available to address remote code execution and information disclosure. Security issues in Foxit’s PDF Reader enable a remote attacker to execute arbitrary code by running unauthorized and malicious JavaScript on a user’s computer. A vulnerability in Acrobat Reader could allow an attacker to access sensitive information via a user opening a malicious document. This could trigger a memory address leak that the attacker could leverage to access sensitive information.
Customers have reported losing e-books from their libraries after having upgraded to the latest version of Adobe Digital Editions. Access being denied to PDF documents and ebooks after an Adobe update is not new. Companies that have implemented the Acrobat PDF DRM plugin have also had furious customers unable to access protected PDF files since every time Acrobat is updated the PDF DRM plugin no longer works. Adobe has released security updates to address multiple vulnerabilities in Acrobat, Reader, and Digital Editions. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Updates have been released in both March and May addressing the same security issues. It is discovered that attackers can use a vulnerability related to font drawing and handling to take control of the host computer.
This vulnerability can be included in so-called “weaponized PDFs”. The latest version of CryptoWall 3.0, the dominant ransomware used by attackers, is included in yet another email campaign targeting both individuals and companies. The malware gets on user’s computers via a resume.PDF file. Scammers are using redirecting websites and cloaking in order to bypass Google filters and present users with malicious PDF files.
Attackers are embedding malicious .doc files inside PDF files in order to infect host computers. Adobe Acrobat PDF Security Issues – 2011-2014 A vulnerability in eBooks is found that, when the infected eBook is launched on an Amazon Kindle device, can lead to attackers taking control of the user’s Amazon account. Adobe planned to update their PDF and eBook DRM procedure in July, rendering all previous eBook readers and protected documents obsolete. This meant that publishers had to update their entire libraries and millions of customers would have had to buy new eBook readers and download updated versions of the documents they already owned. Adobe have been spying on users without them knowing, gathering data on the DRM protected ebooks that have been opened and pages that have been read. Adobe also scans all the metadata from all of your ebooks on your hard disk and uploads that information to their servers. The updates address 8 vulnerabilities that could crash a computer system and allow an attacker to take control.
Adobe are to release an emergency PDF security patch to their Acrobat software after malicious PDFs have been circulating in the wild that install apps on the victim’s computer which steal passwords and system configuration data, and can log keystrokes. Acrobat and Adobe Reader on both Windows and Mac are vulnerable. Evidently the Sandbox is not that effective after all The latest Adobe Reader software comes with new internal security features and an improved sandbox that will make the products harder to attack and exploit, according to Adobe. At last, a secure Adobe PDF Viewer? The security update plugs a hole that could allow a hacker to utilize a maliciously crafted PDF file to gain access to a user’s system.
Visiting a site with this exploit could lead to unexpected application termination or arbitrary code execution. The 13 new bugs included memory corruption vulnerabilities, buffer and heap overflow bugs, a cross-document scripting flaw, a DLL load hijacking vulnerability and a “security bypass” bug (a Reader X-only vulnerability that under certain circumstances lets an attacker force the Reader browser plug-in to download a non-PDF file). A security researcher from FireEye Malware Protection said that many PDF security issues are generated through the support of inherently insecure script languages such as JavaScript and XML and the support of flash and video.
Most virus packages cannot detect malicious scripting and there are many places in a PDF document for hiding arbitrary data. Adobe recommend to disable JavaScript or use the sandbox introduced in Acrobat Reader X. Adobe PDF Security Issues & PDF DRM Vulnerabilities – 2010 PDF Security issues to be sandboxed in Adobe X Adobe Reader X introduces the sandbox feature which restrains code execution to a limited area in order to protect the Operating System from threats originating from PDF documents. Adobe hope that this will tighten PDF Security and help prevent malicious code execution (JavaScript, embedded attachments, etc.) infecting a user’s computer.
Some experts say however that buffer overflow exploits and filesystem risks are not protected by the Adobe Reader X sandbox and so a truly secure Adobe PDF Reader is not yet available. The latest PDF security issues affect Adobe Reader and could lead to a full scale denial of service attack or remote execution of malicious code on a user’s computer. Google have announced the beta release of their integrated PDF viewer to the Chrome Browser.
PDF files are automatically opened in a sandbox within the browser to stop PDF security issues such as malicious code from executing on the user’s computer. Microsoft have released a toolkit that can be used to fix a security flaw in Acrobat and Acrobat Reader and prevent a hacker taking over a user’s computer when they open an ‘infected’ file. Malicious PDF files exploiting this flaw have been found. Adobe have yet to release their own patch for this PDF security issue despite issuing a in which they announced that the flaw was indeed critical. The Inept PDF Decrypter released back in June to decrypt FileOpen PDF files is being actively updated (FileOpen crack updates occurred in July, August & September).
The publisher claims that the FileOpen hack script will remove all DRM restrictions from any FileOpen protected pdf file produced by FileOpen Publisher, FileOpen WebPublisher, FileOpen RightsManager or FileOpen RightsServer. Following releases from Foxit and Apple to fix PDF security issues in their own Readers/Browsers, Adobe has released their latest patch to prevent a potential hacker crashing and then gaining control of a user’s computer. PDF Security fix announced by Apple fixes major PDF security issues Apple has produced a security fix for the iPhone and iPad to create a more secure Adobe PDF environment. The PDF security exploit could let hackers do critical damage to your iOS device if you simply open a malicious PDF file. Apple are urging users to upgrade to the latest release which while fixing the PDF security issues, also stops the iPhone and iPad from being JailBroken. Foxit Fix PDF Security issues to protect users from malicious PDFs It took Foxit Software Corporation just 48 hours to provide a security fix to their 100 million user base which enabled hackers to use malicious PDFs to access sensitive data on users’ computers. PDF security issues still continue to affect Acrobat however as Adobe have yet to provide a fix for their reader.
The latest PDF security issue to hit Acrobat is due to the way in which the reader parses fonts. This can be used by a hacker to produce a stack overflow error which then enables the intruder to remotely run malicious code on the affected computer. PDF Security issues enable Apple’s iPhone and iPad to be hacked A user visiting a malicious site using Safari can have their device hacked and/or infected with malicious files. If you visit a web page with a PDF that contains a program that causes a stack overflow, then this gives a hacker deep access to your iPhone or iPad. The exploit is possible on any iOS device running OS 3.1.2 or later.
Adobe are said to be looking at introducing a sand box in their next release of Acrobat Viewer to prevent malicious execution of code infecting user’s computers. The PDF security fix that Adobe provided for malicious code execution in Adobe Acrobat and Reader can be circumvented by attackers just by adding quote marks to their code. Malicious code can therefore still be executed and trojans installed on user’s computers without their knowledge. Adobe is being targeted by attackers determined to spread malware on to users computers.
The exploits are PDF documents containing JavaScript that, without the user’s knowledge or consent, download and launch other pieces of malware direct from the Internet. The same company that cracked the Adobe Adept DRM for EPUB has reverse engineered the FileOpen PDF DRM system. This crack affects FileOpen Publisher, FileOpen WebPublisher, FileOpen RightsManager and FileOpen RightsServer.
Just like last year, hackers exploited the bug in authplay.dll using rigged PDF documents, and also used it in drive-by attacks that enticed users into viewing malicious Flash streaming media on attack sites. Reader and Acrobat users can protect themselves by deleting or renaming authplay.dll. Doing so, however, means that opening a PDF file containing Flash content will crash the software or produce an error message. A PDF design issue is being exploited, enabling attackers to infect users with the Zeus Trojan.
According to Websense, attackers have been sending e-mails with a malicious PDF file. The attack is similar to a technique security researcher Didier Stevens disclosed two weeks before that used the launch action function to launch an embedded executable in a PDF file. Jeremy Conway, an application security researcher at NitroSecurity, illustrated how a benign PDF file might become infected using features supported by the PDF specification. “I chose to infect the benign PDF with another, and launch a hack that redirected a user to my website, but this could have just as easily been an exploit pack and or embedded Trojan binary,” Conway explains. “Worse yet this dynamic infection vector could be utilized to populate all PDFs for some new O-day attack, thereby multiplying an attackers infection vehicles while still exploiting user systems (‘worm-able’).” The attack was done without the use of external binaries or JavaScript. PDF security specialist Didier Stevens has developed a PDF document which is capable of infecting a PC – without exploiting a specific vulnerability.
Stevens says he used the “Launch Actions/Launch File” option, which can start scripts and EXE files that are embedded in the PDF document. Nuance has released a Free Secure PDF Reader which addresses a troubling PDF security issue found within some readers by giving users the option to prevent JavaScript installation – something the Adobe PDF viewer does not do. Preventing JavaScript installation creates a safer PDF environment for the end user and adds an additional safety net for IT professionals looking to safeguard their organizations. Hackers have used the PDF JavaScript vulnerability to gain control of a user’s computer – exposing users to system attacks and the transfer of personal information simply by viewing infected PDF files. Yet again, the use of JavaScript in PDF documents has compromised the security of users’ computers.
A new JavaScript exploit that can be hidden in PDF files and exploit a widely documented PDF vulnerability is making the rounds. Only 6 out of 40 anti-virus vendors can detect the malicious JavaScript. This is just one of many security reasons to make sure JavaScript is disabled in Acrobat! PDF Security Issues & PDF DRM Flaws and Cracks – 2009 The Barnes & Noble Desktop Reader application (BDReader) uses a modified Adobe Adept scheme, and stores decryption keys in plain text in a SQLite database, thus proving to be an easy attack. The privacy issue arises from the fact that your local disk path gets invisibly embedded inside your PDF files in the title attribute. When users print your PDF documents the local disk path is displayed. Users can also open your PDF documents in a text editor (i.e.
Notepad) to display your local disk path. Users must enable JavaScript to view ProtectedPDF documents. This exposes users to JavaScript-based vulnerabilities in Acrobat Reader, as well as possible loss of privacy. The latest vulnerability employs a JavaScript error which can enable malicious code execution on Windows, Mac and Unix clients.
Whilst Adobe are recommending that users disable JavaScript in Adobe Reader until another patch is released, other security advisers are suggesting that JavaScript be removed from PDF Readers completely as a permanent solution. The Sophos 2009 Security Threat Report, warned that hackers are increasingly looking at commonly used browser plugins like Adobe Flash and PDF in their attempts to infect innocent computer users. Of the targeted attacks so far this year, more than 47 percent of them exploit holes in Acrobat Reader while six vulnerabilities have been discovered that target the program, Mikko Hypponen, chief research officer of security firm F-Secure, said in a briefing with journalists. Top-level executives, defense contractors, and other people who have access to specific sensitive corporate or government information are subject to targeted attacks where an attacker sends a file that has malicious code embedded in it. Once the file is opened, the computer is infected typically with a back door that then steals data. Protected PDF crack / hack: PDF security through obscurity A hack to unlock protectedpdf files has been published that clearly shows the security offered by this PDF DRM software is simple to remove and is therefore no better than standard Adobe PDF password protection.
A critical vulnerability identified in Adobe Reader 9 and Acrobat 9 as well as earlier versions will cause the aforementioned applications to crash and could allow an attacker to take control of the affected systems. Adobe also acknowledged that there are reports the vulnerability issue is already being exploited. PDF file can install malware without you even opening it!
Because of the way Windows file explorer works, infected PDF files can be executed without even clicking on them. The exploited files use JavaScript heap spraying to facilitate arbitrary code execution. “There is very little obfuscation in how Adobe Digital Editions hides and encrypts the per-user RSA key, allowing fairly simple duplication of exactly the same process Digital Editions uses to retrieve it.” Ziff Davis and other advertising companies were found to be serving PDF exploits through advertisements on their sites. The malicious PDF served did not exploit the most recent PDF flaw that hit the news on February 20th but a much older one that uses JavaScript to install malware on the users computer. PDF Security Issues & Acrobat Flaws & Cracks – 2008 ElcomSoft, the company that discovered a security weakness in Adobe’s eBook software back in 2001, has found vulnerability in another Adobe Product. While Adobe advertises Acrobat 9 as the most secure PDF production tool ever with enhanced 256-bit encryption, ElcomSoft has discovered that the new PDF protection system implemented in Acrobat 9 is even faster to recover than in previous versions. In fact, a hundred times faster.
“The new version of Adobe Acrobat is easier to break”, claims ElcomSoft CEO Vladimir Katalov, quoting a speed increase of two orders of magnitude for the new format. “The new product has surprisingly weak protection”, he adds. According to ElcomSoft’s CEO, using 256-bit AES encryption per se is not enough to achieve ultimate security without employing complex approach and consideration of the entire security system.
Bugs in Adobe PDF exploited by hackers Malicious hackers have targeted the PDF format yet again, exploiting the latest patches released from Adobe. At least one of the hacks is not quarantined by anti-virus software and enables the attacker to take control of the affected system as per the non-patched versions in May of this year.
Adobe has patched 17 security vulnerabilities in the Windows version of its Reader 8 software so far this year, in four separate patches. New toolkits appearing on the market specifically target vulnerabilities in PDF files to gain access to user’s computers and Adobe’s use of allowing more sophisticated technology to run within PDF files is to blame. Critical vulnerabilities have been identified in Adobe Reader and Acrobat 8 and 7. These vulnerabilities would cause the application to crash and could allow an attacker to take control of the affected system. Adobe PDF exploit infects ‘many thousands’, says researcher The vulnerabilities were in Adobe Reader and Acrobat’s handling of JavaScript and in how it refers to libraries that provide encryption and signature verification.
“Exploitation of these vulnerabilities would allow an attacker to execute arbitrary code as the current user,” the iDefense advisory said. The recent Adobe patch has done little to ease the fear of security conscious users. Exploit-laden PDF files will become more common in spear phishing attacks in the future since the Portable Document Format (PDF) is a de-facto standard for exchanging electronic documents online. PDF files have traditionally been unfiltered at the gateway and until recently were considered risk free–in contrast to the notorious history associated with Microsoft Office documents.
With the release of Windows Vista and Microsoft Office 2007, however, Microsoft has made it more difficult for attackers to use buffer overflow exploits. Therefore exploit writers are more likely to target the lower hanging fruit. Exploiting vulnerabilities in popular applications from Adobe, Apple, or RealPlayer is proving to be just as advantageous and profitable. Acrobat PDF Security Issues, Flaws & Cracks – 2007 A PDF vulnerability in Adobe’s Acrobat Reader has come to light that can lead to Windows PCs getting taken over completely without the user’s knowledge. All it takes is to open a maliciously rigged PDF document or stumble across a page which embeds one. Paul Henry, vice president of technology and evangelism at Secure Computing, warned that the PDF threat is real. “The ability to use PDFs to install malware and steal personal information from remote PCs is here,” he said in a statement. “Readers should be cautioned to only open PDF files from senders they explicitly trust.” Adobe 8 PDF password security broken A single click of a button in pdf-Recover will remove the password, regardless of whether it has been encrypted using 40-bit RC4, 128-bit RC4 or even the latest 128-bit AES Adobe 8 Generation technology.
The result is an exact replica of the original PDF without any security settings whatsoever – pdf-Recover removes all of the restrictions implemented. The program is available for Windows 95 and later, MacOSX and Linux, and costs €19. Latest critical Acrobat flaw puts user’s computers at risk Another critical security vulnerability in Acrobat can let attackers crash vulnerable applications and execute arbitrary commands. Another company falls foul of the PDF format not realizing that hidden text can be easily revealed by copying it into notepad. Links with malicious JavaScript can access the user’s local machine and used to read files, delete them, execute programs, send the contents to the attacker, etc. The security problem exists because the Web browser plug-in of the Adobe Systems’ Acrobat Reader allows JavaScript code appended to links to PDF files to run once the link is clicked. PDF Security Issues and Ebook Security Flaws / Cracks – 2006 Adobe drop Acrobat Reader in DRM secure ebook product For Adobe’s latest secure ebook product, Digital Editions, Acrobat Reader is not supported.
Instead, users will have to download a new viewer that enforces DRM controls. Adobe state the 20MB+ file size of Acrobat Reader as one of the reasons they are not using it, but one suspects the fact that Acrobat Reader was not built with security in mind could be another. Whilst Acrobat is rich in features it is these very features that leave it open to attack. A malicious user can manipulate legitimate features in Adobe PDF files to open back doors for computer attacks. Malicious links (once the document is opened, the target’s browser is automatically launched and loads the embedded link), attacks that use Adobe Systems’ ADBC (Adobe Database Connectivity) and Web Services support, use of HTML forms and file system access are just some of the ways Acrobat can be compromised by a malicious user. ElcomSoft release PDF password cracker that breaks 128 bit encryption The utility borrows all the idle processing bandwidth on a network to brute-force-attack a password-protected PDF.
ElcomSoft CEO Vladimir Katalov says that the tool wasn’t designed to enable mischief makers, but rather, to combat mischief itself. From his security expert’s point of view, however, he opines that document-level password protection technically isn’t DRM (digital rights management). And because of the plug-in architecture of Acrobat and PDF readers, it makes PDF a less-secure platform for DRM. Full details of the product and pricing information can be found at.
Acrobat flaw could result in remote code execution Adobe released a patch on 11th July for a flaw that could allow a malicious PDF document to trigger buffer overflow. The overflow could cause Adobe Acrobat to crash and result in remote code execution if malicious content is inserted into a PDF file, according to the Adobe advisory. The flaw is considered critical by the company. Acrobat secure PDF files that are received in Gmail can be viewed as HTML if the ‘View as HTML’ link is selected. The full document is displayed as HTML even if the original PDF is secured against content copying or extraction. Respecting security permissions on a PDF file is therefore something that must be done on a “honor” basis by the application!
Adobe PDF Ebook Security Issues & Cracks – 2002-2005 Adobe Acrobat user gaffe exposes classified Defense information A military report on an investigation into the shooting death of an Italian security agent includes blocks of classified data that can be deciphered as easily as copying and pasting text. Multinational Forces-Iraq issued the report in Adobe Portable Document Format on April 30 as an unclassified document, with blocks of classified redacted information obscured from public view. But copying and pasting the classified sections into Microsoft Notepad reveals the blocked text. The breach was discovered by an Italian blogger shortly after the report was posted.
Wiley’s ebooks cracked despite using “secure” PDF DRM Wiley Publishers acknowledge that the protection used in FileOpen PDF DRM is not up to much – the pirated ebooks are available before the print books are distributed to all the bookstores who have ordered them. $20 Million Copyright Award A Boost To Publishers Specialized-information publishers won another weapon in their fight to protect their products from copyright violations last week when a federal court jury in Baltimore awarded NEPA member Paul Desmond a nearly $20 million judgment against financial-services firm Legg Mason Inc. for violating his company’s copyright. Desmond, president of Lowry’s Reports, Inc., of North Palm Beach, FL, sued Baltimore-based Legg Mason after receiving reports that the company had been systematically circulating and putting on its intranet electronic copies (PDF) of Lowry’s Market Trend Analysis, a daily e-mail stock market commentary, for more than a decade. A serious flaw in FileOpen Publisher allows users to open “protected PDF documents” without entering an authorization code. There are many Adobe Acrobat and Adobe Reader plug-ins that can load (by design) only in certified mode. One example is all documents protected with “Adobe DRM” security handler (so-called eBooks).
Certified mode assures that all other plug-ins, loaded with those ones, have been also certified by Adobe. However, with this vulnerability, the plug-in with forged signature can perform virtually everything, including but not limited to:
- removing or modifying any restrictions (from copying text to Clipboard, printing etc) from the documents loaded into Adobe Acrobat or Adobe Reader
- removing any DRM (Digital Rights Management) schemes from PDF documents, regardless of the encryption handler used – WebBuy, InterTrust DocBox, Adobe DRM (EBX) etc.
- modifying or removing digital signatures used within a PDF document
- affecting any/all other aspects of a document’s confidentiality, integrity and authenticity

The official US-CERT posting can be along with Adobe’s response “ FileOpen protection (including one implemented in expensive and “very secure” WebPublisher can be removed either instantly or in a matter of a few hours – without Adobe Reader, FileOpen plug-in itself or whatever. I’d call it “ snake-oil” (see Bruce Schneier’s definition of the term) because of multiple vulnerabilities. Their main protection is DMCA – Digital Millennium Copyright Act.)” – Vladimir Katalov, Managing Director,. In early 2001, Elcomsoft discovered a serious security flaw in Adobe Acrobat and Adobe Acrobat Reader. In July 2001, they briefly described it in the “eBook Security: Theory and Practice” speech at the DefCon security conference.
Since there was no reaction from Adobe (though an Adobe representative attended the conference), they reported this vulnerability to CERT in September 2002 (after more than a year), still not disclosing technical details to the public. Only in March 2003 was the CERT Vulnerability Note (VU#549913) published, and a week later Adobe responded officially (for the first time), issuing the Vendor Statement (JSHA-5EZQGZ) and promising to fix the problem in new versions of Adobe Acrobat and Adobe Reader software expected in the second quarter of 2003.
When these versions became available, some minor improvements had been made, but the whole Adobe security model was still very vulnerable, and so Elcomsoft sent a follow-up to both CERT and Adobe. Both parties failed to respond.

In a blow to a controversial copyright law, a federal jury in San Jose on Tuesday acquitted a Russian firm of charges that it sold software designed to crack security on Adobe Systems’ electronic book technology.

Thumbing its nose at the company that landed one of its employees in jail, ElcomSoft is pointing out new flaws in Adobe Systems’ eBook software. The flaws could allow someone to check out every copy of every book in Adobe’s new electronic library for an unlimited amount of time by changing the values in the loan form.
PDF Security, FileOpen and Ebook Security Flaws & Cracks – 2001

FileOpen Publisher and E-Book Security Pro weaknesses exposed
Ebook Pro – “The $197 e-book protection software is advertised as 100% burglarproof and claims a list of Fortune 500 companies as its customers. Sklyarov found that the software “encrypts” e-books by mixing each byte of the text with a constant byte. This is a technique so weak that it probably shouldn’t even be called cryptography.”
FileOpen Publisher – “The code can be broken instantly. FileOpen software, puts key information in the encrypted document, which is sort of like leaving your car with the keys in the ignition. FileOpen was chosen as an Adobe “security partner”, which leads me to wonder how closely Adobe examines the cryptography used by its partners.”

Feds arrest Russian cracker for breaking Adobe’s PDF security controls.
Last year ElcomSoft produced a piece of software that cracked FileOpen’s code — potentially driving it out of business.
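The weakness named in the Ebook Pro quote above (every byte mixed with one constant byte) is something a reviewer can test for when evaluating a protection product. The following is an added example, not code from this page or from any vendor; it also covers modular addition as a second form of "mixing", and the function names, sample text and SHAKE-256 contrast case are assumptions made for illustration.

```python
"""Audit check: was each byte of a 'protected' file merely mixed with one constant?"""
import hashlib
from collections import Counter

# Constructed sample standing in for e-book text (not from any real product).
SAMPLE = b"Chapter 1. The quick brown fox jumps over the lazy dog. " * 2

def mix_xor(data: bytes, k: int) -> bytes:
    return bytes(b ^ k for b in data)

def mix_add(data: bytes, k: int) -> bytes:
    return bytes((b + k) % 256 for b in data)

def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Contrast case only: SHAKE-256 output as a keystream, not a vetted cipher."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(b ^ s for b, s in zip(data, stream))

def constant_mix(plain: bytes, cipher: bytes):
    """Return ("xor", k) or ("add", k) if one constant explains every byte, else None."""
    if not plain or len(plain) != len(cipher):
        return None
    xor_keys = {p ^ c for p, c in zip(plain, cipher)}
    if len(xor_keys) == 1:
        return ("xor", xor_keys.pop())
    add_keys = {(c - p) % 256 for p, c in zip(plain, cipher)}
    if len(add_keys) == 1:
        return ("add", add_keys.pop())
    return None

def frequency_profile(data: bytes):
    """Byte counts sorted high to low; any byte-for-byte substitution leaves it unchanged."""
    return sorted(Counter(data).values(), reverse=True)

def audit(plain: bytes, cipher: bytes) -> dict:
    """Summarise what a reviewer needs from one known plaintext/ciphertext pair."""
    return {
        "constant_mix": constant_mix(plain, cipher),
        "statistics_preserved": frequency_profile(plain) == frequency_profile(cipher),
    }

if __name__ == "__main__":
    for name, out in [("xor 0x5A", mix_xor(SAMPLE, 0x5A)),
                      ("add 0x11", mix_add(SAMPLE, 0x11)),
                      ("keystream", keystream_xor(SAMPLE, b"constructed-key"))]:
        print(name, audit(SAMPLE, out))
```

A scheme that reports a constant here, or whose output keeps the plaintext's frequency profile, offers obfuscation rather than encryption and should not pass a product evaluation.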
FileOpen Systems condemns the actions of ElcomSoft in releasing software to remove encryption from PDF files.

ElcomSoft’s Adobe PDF decryption banned in the US but not in Europe
“In Germany and Scandinavia, our software is absolutely legal. We have requests from different companies who are ready to translate this program to German and distribute it in Germany without any limitations.”

eBook security is an absolute joke and is even weaker than the standard PDF security
It appears that the security placed on Adobe Acrobat eBook Reader files is not stronger but feebler than that for PDF files.