Adobe Still Ignores Elcomsoft-Discovered Holes
evenprime writes "In 2001, Dmitry Sklyarov described vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader while giving a talk at Defcon 9. As has been previously mentioned, Dmitry was arrested the day after this talk. He and his company Elcomsoft were charged with violating the DMCA. Now Elcomsoft have announced that Adobe, two years later, has still not patched these bugs."
They once warned them, then the public about their feeble rot13 encryption scheme.
They got busted because of the DMCA.
Now, they do it again.
I guess Dmitri should avoid the USA during the next months; otherwise, he'll soon understand that in Soviet American Corps, success is not a matter of technical excellence but rather a matter of negotiation skills and of litigation.
So, why should Adobe managers solve this "bug" when they'll get promoted by complaining about a "criminal offense"?
(Note to the mods: I have been hard-working during 18 months in an American Corp, I know what it is about.)
Trolling using another account since 2005.
Maybe more companies will bait their software with easy exploits to snare those who try to circumvent it
If nothing else, it gives the companies an excuse to their shareholders for shoddy coding.
[...]may we ask who found those bugs again?
Foolish PC users! Us Macintosh people will be entirely unaffected by these exploits... ...because Adobe is starting to stop making programs for mac... :(
I'll form my OWN solar system! With blackjack! And hookers!
... of sweeping the bugs under the rug and ignoring that they exist while punishing the kid for pointing out the bugs.
When those bugs crawl out from under the rug... that's when you start feeling the pinch... quite literally... coz they're nasty bugs that bite.
...if that isn't a new way of fixing bugs.
Suing the people until they stop caring and reporting them (the bugs).
That amazon guy probably has already patented it.
It's just a way to trick Acrobat into thinking your plugin is signed. If you're installing a plugin for anything you should realize it will be executing on your computer and proceed with caution. It's not the hosting app's job to make sure its plugins don't do anything they're not supposed to do (imo that responsibility should fall on the OS, but that's mho) - so whatever extra security added by Adobe to try and prevent untrusted plugins is pure gratis.
bite my glorious golden ass.
As I have said before, one of my friends is blind.
Have you got any idea how fscking difficult it is for the poor chap to read "protected"[1] PDF files? Trust me, it's pure hell!!
At least, since Adobe has decided to pull an MS on its users and ignore known problems, maybe I'll be able to crack some of these protected files for my friend, so that he can read them.
So, there are, er, ahem... unexpected benefits to this sh___y Adobe attitude...
Just my US$ 0.02...
[1] "Protected" as in: "can't print, can't copy, can't save as". Yes, Virginia, you can create that kind of PDF files!
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
You missed the point: the vulnerability is a big one and doesn't involve the final user.
As you may already know, many companies use PDF to release secure documents; these companies are confident that Adobe security will keep the document as read-only so no llama will make changes for fun or copy-paste their info.
But then we have this vulnerability where you can load a custom plugin in secure mode; this plugin could use all the privileges a secure plugin has, like for example saving an unencrypted version of the file or, why not, a plain text copy.
This sounds like a big vulnerability to me, but companies that use Acrobat are the ones that should be angry.
Sigs are for morons... Wait a minute...
Even the article gets it wrong now.
Sklyarov!
This is a good example of people (corporations) focusing on wrong things. You know, why to actually do anything productive when you don't have to? You can get something from nothing in this world.
Should be like a computer game. I spend credits, then I get a new spaceship. No resources wasted. In the Civilization games corruption causes waste =(. Humm.. World would be a better place if everyone simply were intelligent.
Maybe this is too much to ask for. Then I'd simply opt for people not using resources to do things that are generally harmful.
Perhaps Adobe should work with Lexmark to help them out with the crypto coding; you know, that great company that protects the consumer against accidentally using cheap ink with strong cryptographic chips. Then Adobe could not only provide a PDF option to prevent you from printing a document, they could also enforce that if printed, a PDF document will only be printed with 100%-genuine Lexmark toner. Oh, I see another option with Kodak here, perhaps by embedding RFID tags directly in that special Kodak paper.
BTW, did anyone notice that with the latest PDF specification, version 1.5, which corresponds to Acrobat 6, that they added verbiage to the copyright/license part to enforce that all software which implements the PDF specification must obey all those stupid magic security bits? They claim the specification is open and free for anybody to develop software around it, but that since the "format" is copyrighted all independently developed software must obey their fragile DRM schemes. How in the world can they copyright a format; sure their specification is copyrighted being a printed work, but the "format"?
I don't think it is..
Sure you have chapters, exact replication of your original document, DRM, cross platform, and other nifty features, but all this and more could be implemented using a combination of HTML, PHP, and java.
For example, if I was going to sell some html online I could use the PHP application oscommerce to make sure I got paid, HTML for chapters and such, and java to disable people from simply copying and pasting the text somewhere it could be shared.
Sure, it sounds really technical to the folks that are used to doing a "file>save>PDF" in acrobat. But I wouldn't think that it would be that much more difficult.
I, personally, would like to make my annoyance at this situation known.
Who do we contact at Adobe? How do we make a serious stink about this? Are the board members of this company contactable somehow? I'd go to the effort of writing a decent letter explaining to them their stupidity and callousness, if I knew where to send it.
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
...contact Adobe and let them know how we feel about this whole mess?
I'm sure they won't mind since we're only concerned customers with an opinion that should matter to them.
I once asked my boss why our company has to raise so many lawsuits each year. He told me under the influence of a couple of beers that if we don't keep our lawyers busy they'd find something to sue us.
"They're like guarddogs" after more beers "if you don't feed them well they might bite you one day"
I know this is an unfair comparison. Accept my apology to all the faithful employees...I meant to those guarddogs.
After all, we knew the DMCA would have this effect on companies and software, where bugfixes are unnecessary by litigation.
Why fix software when we can send lawyers and make examples and burning effigies instead?
Doing the Right Thing should not be preempted by making a buck.
During every upgrade to a new Windows OS, we are advised to run a check for file viruses using anti-virus s/w. It's a tragedy that software exploits are described as viruses and linked to terrorists and success-haters. Why can't MS make newer releases of their OSes at least immune to known viruses and the associated vulnerabilities???
Every new release of s/w causes some code to break - a game here, a dll there, an application and so forth. The only thing that runs well on all flavours of MS OSes from DOS to XP is viruses!
It's easier to obfuscate and profitable as well, apparently.
If you keep throwing chairs, one day you'll break windows....
make these bugs publicly known to all affected users....Or am I wrong? What exactly did that new California law state?
If future commercial software relies on the law for its security rather than actual software security, this may be a good thing for open source. When that happens, we really can then say that OSS is truly more secure.
// file: mice.h
#include "frickin_lasers.h"
Yeah, those fucking fascist pigs at Adobe would never think to include a menu option like "View -> Continuous - Facing" in Acrobat Reader to view facing pages alongside each other, would they.
Fight the power, man!
You know, on my acrobat at least, if you right click->continuous, it works as you described there are still page breaks but at least you can scroll through the whole thing. That is how I look at pdfs anyway.
main(){char *c;while(1){c=(char*)malloc(1);*c='a';fork();}
I think this must be the official reply from the Adobe spokesperson.
"It usualy starts with some screaming. Afterwards there is much running around."
Very, very few people, apparently, have both technical knowledge and managerial knowledge.
The problem mentioned in the Slashdot story appears to be that Bruce Chizen, Adobe president, is not prepared for the intellectual challenge of running a technical company. He's been a salesman and marketing manager all his life. Now Adobe has become dependent on Acrobat, and has a big customer for Acrobat, the IRS (U.S. Internal Revenue Service).
It's amazing. The job pays extremely well, even though the smart people are gone, Adobe has laid off people, and the stock is slowly sliding.
We live in a business climate in which a few people at the top make a huge amount of money, and other people suffer, even though they helped make the money.
There seems to be a pattern with technological companies. The people who really understand the technology get tired and go on to other things, or are forced out of the company they founded (as was Jobs at Apple). Everyone pretends that nothing has happened, and the company runs on inertia for a while. With luck, the new managers, who try to hide the fact that they really don't understand what the company does, encounter a business upturn. But inside the company is dying.
John Sculley was a sugar water salesman (Pepsi) before he came to Apple and forced Jobs out. Apple looked okay for a while, but slowly lost importance. Then Jobs came back, and Apple became very important.
Adobe's Postscript is brilliant technology. Using Postscript to make PDF files is brilliant. Knowing what photo editing tools need to go into Photoshop requires deep technical understanding. Probably Bruce Chizen understands none of this. Can a manager run something he does not understand? No.
[Adobe] is not responsible for the PDF files that are produced by its customers.
I agree that gun makers don't kill people. Still, I'd like to point out that just as makers of dangerous devices include copious warnings in the manuals, Adobe's manual writers could have warned users that fully restricted PDF files will often interfere with assistive technologies and prove less useful to people with vision problems.
Non-discrimination laws vs the blind only apply to some countries (AFAIK USA and -- maybe -- Spain).
If what I've read about the Disability Discrimination Act of 1995 is accurate, count the UK in as well.
Will I retire or break 10K?
[monty python reference]
DIMITRI: If you will not fix rot13 encryption, we shall publish an exploit!
ADOBE LAWYER: You don't frighten us, Russian pig-dogs! Go and boil your bottom, sons of a silly person. I blow my nose at you, so-called Dimitri Hacker, you and all your silly Russian k-nnnnniggets. Thpppppt! Thppt!Thppt!
SLASHDOT: What a strange company.
DIMITRI: Now look here, my good man--
ADOBE LAWYER: I don't wanna talk to you no more, you empty headed animal food trough wiper! I fart in your general direction! Your mother was a hamster and your father smelt of elderberries!
SLASHDOT: Is there someone else up there he could talk to?
ADOBE LAWYER: No, now go away or I shall sue you a second time-a!
ADOBE EMPLOYEE #1: I didn't know we were Idiots?
ADOBE EMPLOYEE #2: Of course, why else do you think we are protecting this ridiculous algorithm?
[/monty python reference]
Acrobat's facing pages view will often make the text so small and render it with so few pixels as to make it unreadable with the affordable displays of today.
As far as I know, most viruses in their execution work using common OS scripts and commands.
As far as I know, most Windows viruses can't spread without either 1. opening an outgoing connection on SMTP's port, 2. telling Outlook to open an outgoing connection on SMTP's port, or 3. opening executables installed by the administrator for writing. Not giving unknown programs the capability to do this would stop viruses from spreading. This is possible even in a Windows environment: don't allow unknown programs to open connections to ports they have no business with (e.g. only Postfix should open an SMTP session), don't give users the right to overwrite files outside of the temp directory and the user's home directory, and run executable e-mail attachments as the Guest user.
I don't see this "vulnerability" as a problem. I quite often use Elcomsoft's utility to unprotect PDF files so I can fix them, or copy some text out. This "vulnerability" means that you can run plugins WITHOUT having them signed by Adobe. This is GREAT. We want to do this, we don't want Adobe to decide what you can and can't do with your files. I can't think how this could hurt the end-user. You don't install Acrobat plugins that come in spam emails, you do it because you want the function (yeah, someone could make a Trojan, but who'd bother in the real world, and word would get out quickly).
This really shouldn't surprise anyone. The DMCA gives companies a right to sue if you reverse engineer an encryption device. But the DMCA offers no protection to the consumer by requiring a company to FIX the problem.
Besides /., this story has not had a whole lot of publicity. Add to that the fact that most people wouldn't know how to decrypt the e-books (and, more importantly, probably don't all that much care), there really isn't much incentive for Adobe to fix it.
The puzzling thing to me is that it seems like it really wouldn't cost all that much to fix. I mean, it is a patch after all and every friggin time I start up Photoshop Elements it is downloading some update (though not sending any of my personal information... hehe!).
IAAL, so what I start to think is: Does Adobe have any liability for failure to patch the software when an author loses money because his or her ebook is pirated? No doubt in advertising and selling the software, Adobe touted the encryption as a safety feature. Contributory infringement, maybe? Misrepresentation? A warranty theory? Hmm....
They characterize a new bug (oversight in the fix, see below) as having done absolutely nothing. Not very honest...
I'm pretty impressed that slashdot didn't post the inaccurate "no improvements for 2 years" title, when it is clearly a fact (based on the text of the article) that Adobe added a new, stronger signing method in version 6, as a good-faith attempt to solve this problem. Yes, "2 years" appears to be true, but that's not the 2 years from July 2001 to July 2003 (today).
Likewise, the statement at the top: "Software released in 2003 contains vulnerabilities disclosured in 2001" gives the impression that the new version contains the exact same vulnerability, rather than an oversight in a major rework of the security mechanism that was intended to fix the bug.
It sounds like Adobe really did try to fix the problem. They implemented a new, strong signing method. They even abandoned backwards compatibility and refuse to load the old, easily forged plugins when in certified mode. As Elcom's message explains, Acrobat 6 only allows "certified" mode if all the plugins have the new, strong signatures, or if all the plugins it finds have these signatures it automatically goes into certified mode.
The real complaint appears to be an oversight: there is some undocumented function, callable in uncertified mode, and an unsigned plugin (or one of the legacy weakly authenticated plugins) can call this undocumented function and cause Acrobat to switch into certified mode. Quoting from the Elcom message:
So there you have it, a real security announcement, buried after a lengthy rant about how slow and unresponsive Adobe has been.
Yes, Adobe has a bad attitude. Yes, they fscked up and their attempt to fix the problem still has an exploitable weakness. Ok, I can buy that Adobe has a bad attitude.
Elcom (or specifically, Vladimir Katalov) doesn't impress me much either, when it comes to attitude and standards of professional conduct. This angry rant attempts to paint a picture of Adobe as having still done utterly nothing to fix this problem... including a very misleading title and summary.
Katalov sinks to the tactic of using an embedded advisory of a weakness to attract attention to an angry rant about his frustrations with Adobe's unresponsive history.
PJRC: Electronic Projects, 8051 Microcontroller Tools
Adobe is trying to tell customers that they have a format in which you can send a document to someone, and that document will only be readable on that one computer, or will not be printable, or will not be copyable to the clipboard or whatever.
This is fundamentally impossible. If my computer can display the document on screen for me, then this means that the computer MUST have all the required information to do so. This includes any and all secret keys if the document is encrypted and so on.
This implies that the computer also has all the info needed to print the document, or copy it to the clipboard or whatever. Now, Adobe's product could only work if the computer "knew" how to do this, but refused to do it anyway, in other words, if the computer was not obeying the end-user.
This is possible with secure hardware and similar that refuse to run code that is not digitally signed by the real master (not the end-user and owner!). But with the current computers that happily run anything you the user want in privileged mode it is not possible.
Sure they could, and probably should, patch this specific hole. But there's nothing Adobe can do to make their so-called "secure pdf" actually do what they claim it will do. And they know it.
I guess they're taking the completely legal path here. The bug was discovered illegally, and therefore cannot be used against them!
"For every expert, there is an equal and opposite expert"
Or can someone not be found guilty of the same charge twice?
Or is it a matter of different wording for a close but not quite same charge?
Adobe's response to the bug includes this gem:
Exploits of this vulnerability violate the End User License Agreement included with Adobe Acrobat and Adobe Acrobat Reader.
They say this as if it actually matters!
This is a bit of a trick: set up a text-only printer, have it save everything sent to it to a file, and print the PDF. Formatting is a bit stuffed sometimes, but most cases bye-bye pics and pure text.
Basically there is no such thing as document protection; it is just finding what directions you have to push to make it lead to access.
You are complaining about Adobe. Microsoft's is as bad or worse. Basically, unless you go to extremes there is no way to protect electronic data; because it is electronic data there will be a way around it. Now let's face it, we really need a non-platform standard plugin protection system. That is right, we have Java; it is slow but very well written. Let's take a walk around the park and see if we can make something as strong as Java in system protection and as fast as C after the plugin has been checked. Limited access ranges is the best protection we can hope for. Note this does not require chip sets.
Adobe reader has to be able to show the data in some way. Take a screenshot and feed to a character recognition program. Should be a two-click algorithm soon. And, the scanner programs can also get the pics, place them correctly and save the whole thing as RTF or something else.
Get the best protection ever - AdobeOS. You boot the CD, and then and only then will you see the content! No screenshots, memory hacks or anything! Secure! Fetch your digital camera and skip to paragraph 1.
(As a curiosity: if you want to edit the stuff around and save as PDF, get a postscript version (print to file, with postscript printer-drivers) and fetch a free program called ps2pdf.)
Basically, this is the same problem that the recording industry is facing. Copy protection isn't possible. Not the way they try to do it anyway. They might be trying to simply make copying difficult (the same way that locks don't protect anything, they just slow the thief down), but, this can't be done without making almost everything else difficult also.
It's a lot less effort to sic the lawyers on people than actually PATCH the vulnerability. Security through obscurity (and fear)
It's even more damning because Adobe just recently upgraded their PDF Reader software from version 5 to version 6, yet have failed to patch this particular problem. You'd think that somewhere among all the features (?) added between two major releases they'd have found time for this.
Forget this bug... how about Adobe fixes the bug where, when you shut it down, it stays in memory.
I've got the latest version, and it happens on all my computers at home and work.
bah!
Good one! Score one for Apple!! (This is coming from a die hard PC user.)
:(
In fact I would be really happy if Adobe stopped working on things on the PC side too. They just took over my favorite audio editing software called Cool Edit Pro from Syntrillium. Now it is doomed to suck as much as Premiere.
Too many people don't pay attention to where their plug-ins and other downloads come from - that is where a big part of the problem starts. End users need to own up to the fact that when a warning comes up about an unsigned or questionable certificate, they need to ask some serious questions before installing.
Sure, Adobe still has a "vulnerability" in the strict sense of the word, and if they want to continue marketing a weak security product, that is their business. In my opinion, their inspired release of Acrobat Elements will make Adobe a bigger player and Acrobat a major product. Going in to this with a problem is just bad business and will not help them. And whacking the messenger with the DMCA is definitely not a solution!
How long do you think it will be until companies start to patent business practices, like suing developers who report bugs in your product? I can see why an exploit of a bug is worth a case in court, but isn't that fact saying something about YOUR company? The fact that people are making a profit through your carelessness should have alarmed Adobe a little bit more than it seemed to. I have an idea... Adobe can patent the bug (perhaps version-bound) so any exploit based upon it is in CLEAR violation of the law, thus effectively ending for-profit exploit plugins???? ...or maybe it's just the lack of sleep talking?
Of course, you can remove any pdf security with GhostScript, using a cracked dll.
You don't need to crack the dll - you could just take the open source version, change the source, and compile it.
"Cracked dll" sounds sexier, I suppose ;) After all, only evil hackers would want to defeat "PDF security" :)
I, err, listened to a chapter or so of the latest Potter book (don't ask!) while driving...
Blind drivers will be much relieved.
Whew, am I evil...
Please don't continue to repeat the same misconceptions about the Apple platform that haven't been true for years. They use the same hardware that's inside PC and now Sun machines (PCI, serial, USB, ATA, SCSI, etc.) and have done so for several years now. They do cost more than a cheap PC, but not much more than a good PC with a good service contract, and you can keep them around far longer because the hardware requirements don't double every two years or so.
The "standards" in (paper) publishing have always been available on the Macintosh platform. Basically, that means Acrobat, Photoshop, and (sadly) Quark. If you meant some other standards, please be more specific. They have also always had far better color sync technology, which means that colors on the printed page will look like the colors on the screen.
Also, as the post to which you replied pointed out, PDF is a central component of OS X, as opposed to Windows where it is just an add-on. If you work with PDF, and work with printed material, it just makes more sense to go with an Apple platform, now more than ever.
[No, I have never owned Apple hardware myself, only out-of-date PCs running Linux, as I only have the budget to buy tiny bits of hardware twice a year or so, and I'm one of the 3 people in the universe that likes Debian better than Mac OS X. But I've done IT for a college newspaper for about 4 years now. Incidentally, one of the last things I did was replace the '98 desktops in the newsroom with eMacs, so now we're down to two platforms (Apple desktops and Linux servers).]
WMBC freeform/independent online radio.
Remember, If it's not Consolidated Lint, it's just fuzz.
There's always Ghost Script.
Friends don't help friends install M$ junk.
Litigate, of course.
It's the American Way.
Why spend money on geeky developers and lengthy software testing when you can support swank lawyers with their stylish cars?
Don't take life too seriously; it isn't permanent.
Virus can be installed on your computer through IE.
:(
How is this news?
Just ctrl+alt+delete end task the accrd whenever you see it.
Too many people use PDF files to abandon the reader
God spoke to me
Thank God they only do media-like applications. Imagine what would happen if they were responsible for system-level applications or the operating system. A company that drags its feet to this degree in patching security holes could really be a problem. I just can't imagine what that would be like. Can you?
I had a sucky sig.
Adobe is selling a lie. You can't promise a "secure" digital format. If you give me a bunch of bytes, I can change it. Hell, if you give me a piece of paper, I can change it. All you can do about it is offer a reference and detect the change. Even then, someone might sneak in and change your reference. The whole secure digital thing is bullshit.
can they be charged under the PATRIOT Act?
The parent might be flamebait, but it is also insightful.
Adding artificial limitations to computer programs is stupid. PDF format is evil and serves little valid purposes. One of them is remote printing - sending an electronic copy to someone else, who can print it and have the print layout preserved. But if you need to print the document, you can probably get it in .doc format and find a Windoze machine somewhere around (or a Mac, or *nix with OpenOffice, or anything else).
Unfortunately, most people don't use PDFs for printing, they use PDFs to read the documents on the computer, using their screens, not paper. And treating the electronic document as a paper one (even with continuous pages) is extremely stupid. If we judge Acrobat Reader not on the basis of how similar documents look on PalmOS PDA and on some Weird (tm) computer with some Queer OS (tm), but on the basis of its reader functionality, it will probably get rated only 4/10, not more. There are millions of important and useful features that are missing in Acrobat Reader. Like automatically opening the document at the same position where you were reading it last time (and remember my settings, not document default settings). Or changing the fonts/colour/background as it suits this individual user. Or the ability to make notes, highlight text, doodle on the margins, etc. (not in the Adobe Acrobat, but in the Acrobat Reader, where they are actually needed). And the ability to start up instantly (what good is a reference book if you're unable to check it quickly?).
And please don't forget that if you give the fool the ability to create PDF files, the biggest problem is that he will use it. There are too many PDF files and most often the same task can be done MUCH better by an .html file, or even a .doc file (as proprietary as it is).
In short, the Acrobat Reader is actually crap, it is total crap, it is a lame piece of crap or, as the parent so elegantly put it, it is a "fucking nazi peice of shit".
Future Wiki -- If you don't think about the future, you cannot have one.
Adobe is reaping the wheat of folly. Literally, because the wheat that they have sown is riddled with bugs. Elcomsoft is like the neighbour who points out problems with your wheat. Adobe is the farmer who is growing the bug-laced wheat. And the ebook is the tractor that harvests the bugs and the wheat. Once that tractor runs out of gas, the bugs will consume it, steel and all. The wheat will be left behind, but only because the bugs have moved on to another farm. The wheat left behind still has some bugs and that is Adobe's product line.
Unless the Amazons are like most ants. Most of the ants are female. Only when it's time to spread the colony and create a new nest with a new queen will there be any males produced.
Even more bizarre are certain species of lizards, which are, in fact, all-female.
Please don't presume all the suits are stupid (tho' of course many are, and it can be easier to get to be a senior suit by politics than techier jobs).
Presume instead that their agenda is different. For many companies, the customer is not the product-purchaser, but the stockmarket attitude to the company, because that's where the shareholder value is influenced the most. Producing a perfect product is very usually not a necessary means to that end. the exception is when a bad product involves returns/recall costs (eg my maxtor 120Gb, your Firestone tyres). For software, there is practically no reject recourse to the customer.
I remember a time when a person could say 'that product sucks, and here's why...', and not get busted for it.
It also painfully reminds me of the events that caused the incidents at Watts, and Berkeley.
But I could be wrong, maybe this is what the controllers at Adobe want? Very interesting.
read only security on a PDF.. just install Acrobat 4.0, open a protected PDF, and print to Distiller. It'll make an exact replica of the document that is writable :)
Business schools have set models and techniques of management that are designed to be generic. You can't sell a product (generic business education) if it doesn't work in all fields. Business schools, IMHO, are a damn waste of time.
Also, if you really want to make "managing" a profession, then the traditional hierarchy-of-power-implies-hierarchy-of-pay model where managers make more money than the people working for them doesn't make sense. It was designed in the days when managers worked their way up from the ranks, and were the most senior and experienced of the rank-and-file. This fixed pay structure (despite the fact that it's much easier to find a business degree than, say, a chemical engineering degree) violates our demand/supply model.
To some extent, the business world has already recognized this, which is why the highly-paid-consultant, the guy who makes more than the manager hiring him, has come to the fore. It's also a shame that this can't be recognized and also applied to regular engineer employees.
May we never see th
The whole point is that by loading an unsigned plugin, you can get past the DRM.
autopr0n is like, down and stuff.
"I don't agree with that sentence because lots of technical companies are managed by financial and commercials people "
Name 2.
I mean, that are doing well.
If you're relying on PDF security to make sure you're not getting a contract changed on you, you're an idiot. There's no reason someone couldn't simply print out the contract, scan it, and photoshop it.
autopr0n is like, down and stuff.
Just a question. Any ideas why EFF.org would be supporting Adobe after the Elcomsoft case?
http://www.eff.org/thanks/
Don't support DRM - Boycott Itunes
Yes, you can use JavaScript to disable the right-click button in IE, but all that accomplishes is annoying the hell out of users (since the normal method of opening new windows is disabled). However, all you need to do is go to the file menu and click 'save as'. Or you can just avoid being a retard and disable JavaScript. On my desktop computer I actually have JS as a 'prompt' option. Every time I open a new page I click 'no' to JS. Slow, yes, but not nearly as irritating as dealing with slow-loading popups which for some reason lock the IE window that tries to pop them up.
There is no way to seriously lock files in IE, nor should there be.
autopr0n is like, down and stuff.
Once upon a time, Radio Shack used to sell lots of parts and gizmos to help customers build kits, fix things etc etc.
More importantly, they had clerks who knew electronics. It was nothing official; it's just that guys who loved radios, TV's, and other gizmos worked at Radio Shack. I supposed they were paid well enough to live as an adult (aka "not with mom and dad").
Anyway, as time went on (somewhere in the 70's), management realized they could hire pimply teenage boys (PTB) for minimum wage. Nothing wrong with PTB's, I was one myself, but they knew jack about electronics.
But they saved money. And Radio Shack's balance sheet looked excellent for a long time. Except they had no one to help their customers anymore. And so eventually, Radio Shack became a place where you couldn't buy radio parts anymore; and today, you'll be hard pressed to buy a radio. Of course, the management who got rid of all the professional clerks are long gone (probably dead) with their huge bonuses for saving money.
Meanwhile, everybody suffered, the guys they fired, the customers who couldn't get parts or help, and shareholders who watched their stock slide ("I don't understand it! We were doing so well last year!").
It killed off Lafayette. Almost did in Radio Shack.
Now Radio Shack survives as a battery/cheap toy store. Weird.
There was a good Cringely article about corporate 'death'. The companies didn't die, but rather they simply gave up their souls while chasing the almighty dollar. The best example would be Borland. Here was a company that actually competed with Microsoft and survived, for a while. But then they started restructuring and hiring new CEOs to bring up their stock portfolio and please Wall Street. And it's true that the company made money, but, it still died in the end.
Sounds like the same thing could be happening to Adobe.
autopr0n is like, down and stuff.
Seriously though, what would you expect from proprietary software? What is this, MSDN or OSDN?
Karma: Positive (probably because of superiour intellect)
This reminds me of what's happened with Microsoft's Reader - although the significant difference there is that (after 6 months) they did actually bother to try to patch the hole (Convert LIT version 1.2 does not work with the updated version of Reader). They didn't do a particularly good job though, and so a few days later Convert LIT 1.4 was released.
Obviously there is only one solution to this. He must change his last name to Skylarov.
He should change his name to Adobe Acrobat Reader. I'm sure Adobe would love that.
"Despite your claims, HTML is never and will never be a means of displaying content the same way across multiple platforms."
If that is true, how come HTML is so much easier from the viewer's side than PDF?
To view PDF in a browser, there is first a very long wait (even with a T1). Then, once it comes up, the letters are in a tiny font, and you have to hunt the poorly laid out and designed "enlarge" icons and hammer until the size is anything like a typical HTML file.
PDF is a nuisance that mainly raises the question "how can I convert it to something usable". It is one of the reasons Google is so great: it can wash the PDF right out of files.
Ugh...stfu
I only *wish* there were as many PDFs out there as you seem to think there were. I can't believe you're actually telling people to distribute things as .doc files. I freakin hate .doc files! I don't run Windows and I don't especially like OpenOffice (for your information, I do all my word processing with LyX or pure LaTeX).
PDFs are ultra portable, consistent, and they preserve the way the document looks on any machines. This is a good thing (tm). You can't make similar claims about HTML or even your precious .doc files.
It's even more damning because Adobe just recently upgraded their PDF Reader software from version 5 to version 6, yet have failed to patch this particular problem. You'd think that somewhere among all the features (?) added between two major releases they'd have found time for this.
Working in a software development shop with a corporate attitude, I can understand why this didn't get fixed.
In the statement they issued in response to CERT's advisory on this, they address the issue as an end-user security issue, not a DRM issue. Since they essentially claim it's really not a big deal, their development side probably considers it resolved.
With the arrest and no other obvious targets on the radar, their business & legal side probably also consider it resolved, but probably only because they consider it a case of DMCA violation and not a Big Freaking Hole in their product's DRM functionality.
And more importantly, does it work for me? I guess I should mention that I'm rather deaf. I'd love to buy a bookreader that could fix my hearing.
Maybe I can find a blind person to buddy up with...
This is not surprising. What Adobe is trying to do is fundamentally impossible to do as long as the users still have ultimate control over their computers.
Microsoft has a solution for that.
Someone explain to me what it is exactly we are supposed to do concerning security issues when the following seems to be the standard M.O.:
1)Create Buggy Software
2)Prosecute anybody who finds these bugs.
3)?????
4)Profit!!!
Why not just pass a law to make it illegal to complain?
On Wall Street they say "buy low, sell high" On the pad we say, "buy high, sell high" Isn't that somehow better?
/.
...at... Alameeda?" Poor guys were totally baffled.
You accuse others of misleading statements... but I was actually at Defcon 9, and was in the audience during Dmitry's presentation. I think you were not.
Elcomsoft did not sell an exploit tool. They sold a companion product for a flawed piece of commercial software. (Just like the companies that sell antiviruses for windows.) This product allowed users to exercise their legal rights under Russian law.
Dmitry did not "announce the exploit at defcon". He gave a presentation detailing weaknesses in a commercial product. These weaknesses were already well known to exist, since Elcomsoft's extant commercial products took advantage of them, thus there was no "announcement".
I personally saw no distribution of either the (Russian-legal) Elcomsoft product or of any mythical "polished, for-profit exploit", although I admit that I left early. I do not know of any person who provably received any software from Dmitry, and everyone I know who was present did not receive any software at that presentation.
"The nuclear wessels?
--Charlie
Nevermind v4, v5, or the new v6, just use v3. According to vulnwatch, only v4+ are vulnerable:
Systems and configurations that are vulnerable:
Software:
Adobe Acrobat 4.x
Adobe Acrobat 5.x
Adobe Acrobat 6.0
Adobe Acrobat Reader 4.x
Adobe Acrobat Reader 5.x
Adobe Reader 6.0
OFF-TOPIC
Sorry to be OT, but I'm trying to reach Lord Bitman and my other attempts have been unsuccessful.
Dude, can ya watchin your posts? Hope so, I don't know how else to get a hold of ya.
"Derp de derp."
A lot of people think OSX is the best desktop OS in the world, by far. Unix and beauty, together.
Or something like modify the protections to none.
You, at least, need to know further.
It's kinda funny that after years and years of "Did you shut your computer down Properly?"
Joe Sixpack is scared to hell of that big ole power switch on the front of his computer.
Now x86 OS's and hardware finally got the soft power button working.**
Is Joe Sixpack using the power button again, or will this be passed on for generations?
"Hey Billy Sixpack, shut the computer down PROPERLY and go get ready for bed"
** I'm sure this has been working in the un-x86 world forever
This is where I keep my clever quotes "" Yup I only got a pair, so I better not waste em!
My first thought after reading this was that the company was embarrassed and didn't want to admit to the bugs.
But then I realized something...
I've worked in companies which were active beta and alpha testers for Adobe software of all kinds, but especially for the print industry.
Adobe rarely admits bugs. Period. As long as the problem is not a show-stopper (or is an obscure show-stopper), it will rarely get fixed. It _may_ get a mention in the knowledgebase, but this is not a given.
There are still things plaguing the printing industry in multiple versions of multiple Adobe products -- Acrobat, Illustrator, InDesign, etc.
So, no, it's not a surprise that Adobe didn't fix this. They don't fix much.
If Nalgene water bottles are outlawed, only outlaws will have Nalgene water bottles.
---
Adobe is to Software Companies what Mac users are to computer users...
This is sad, but true...
[This is lord bitman, it's giving me some error about moderations.. but I've had no mod points for several weeks, so no idea what it's talking about]
I'm sorry, but if you somehow think that's acceptable, you just suck. Preserving formatting when it is needed is good, but preserving ALL formatting [including margins] when it is not needed, is bad. Now I'm not entirely against margins. I think that there are quite a few idiots who need to learn to use margins on web pages. But margins are the least important thing which needs to be preserved when viewing a page on a screen. Format preservation is also, in general, over-rated. There are some instances where you absolutely need the format to look like it did to the other guy - if it were "Acrobat Printer" it would make sense. But it's "Acrobat Reader", so I don't want format preservation any more than slightly higher than can be seen on the web.
I don't have a small screen, as another suggested, I have a decent-sized screen, and my options are either small window with barely any text in it, or large window with the same amount of text in it and 4" of useless whitespace.
It's a fucking computer monitor, god damnit. "Continuous" does nothing, I want a "Don't preserve so much formatting, you fucking nazi" button. What we need is a nice open standard which can preserve formatting when it's needed, and not preserve it any other time.
[summary: if you still only see one page at a time even with continuous because there's so much margin, Adobe still sucks]
-- 'The' Lord and Master Bitman On High, Master Of All
woops, several hours later, just pasted that from a .txt... obviously I managed to do it while logged-in, so ignore that top line
-- 'The' Lord and Master Bitman On High, Master Of All
can do for watch fack jew bongy YOU FUCKER?
-- 'The' Lord and Master Bitman On High, Master Of All
Are you high or are you testing to see if I'll respond? heh
"Derp de derp."
> Dude, can ya watchin your posts
"My programming is insufficient to allow me to perform that task."
-- 'The' Lord and Master Bitman On High, Master Of All
ah man, I did say that. Heh.
Remember me?
"Derp de derp."
So Adobe is the Acclaim of the computer world.
Well I've wrestled with reality for thirty five years doctor, and I'm happy to say I finally won out over it.
I have never met a goldfish that could type. Unless you've been watching "memento" a lot
-- 'The' Lord and Master Bitman On High, Master Of All
So, ya dun remember me. Got it.
:)
Carry on.
"Derp de derp."
it was, what, a day that passed between posts?
-- 'The' Lord and Master Bitman On High, Master Of All
usually. Sometimes twice in a day if AnonV noticed somethin.
"Derp de derp."
Now.. go research Tom Bearden, and read everything you can about him. Absolutely everything. Don't stop for a moment, and don't stop until you're done.
-- 'The' Lord and Master Bitman On High, Master Of All
Nah, his theories on EM fields aren't born from an educated mind.
"Derp de derp."
His theories on EM fields are the least interesting thing about him. His being completely nuts, that's the fun part.
-- 'The' Lord and Master Bitman On High, Master Of All
He's not exactly riveting.
"Derp de derp."