Adobe Still Ignores Elcomsoft-Discovered Holes

evenprime writes "In 2001, Dmitry Sklyarov described vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader while giving a talk at Defcon 9. As has been previously mentioned, Dmitry was arrested the day after this talk. He and his company Elcomsoft were charged with violating the DMCA. Now Elcomsoft have announced that Adobe, two years later, has still not patched these bugs."

relapse

[mirko]

They once warned them, then the public about their feeble rot13 encryption scheme.
They got busted because of the DMCA.
Now, they do it again.
I guess Dmitri should avoid the USA during the next months, otherwise, he'll soon understand that in Soviet American Corps, sucees is not a matter of technical excellency but rather a matter of negociation skills and of litigation.
So, why should Adobe managers solve this "bug" when they'll get promoted by complaining about a "criminal offense" ?

(Note to the mods: I have been hard-working during 18 months in an American Corp, I know what it is about.)

Re:relapse

[Goldberg's+Pants]

It's a lot less effort to sic the lawyers on people than actually PATCH the vulnerability. Security through obscurity (and fear).

Seriously, this isn't that surprising. Outside the tech sector, the Skylarov thing was largely ignored, and the Adobe vulnerability has been too. The sad thing is, as a writer, it pains me to see a format which is SUPPOSED to be secure be swiss cheesed. Would never use it myself, but Adobe are the real criminals in this. Defrauding people by saying "yes, this format is secure" when it quite obviously isn't.

Microsoft does the same... and profits!!

[jkrise]

During every upgrade to a new Windows OS, we are advised to run a check for file viruses using anti-virus s/w. It's a tragedy that software exploits are described as viruses and linked to terrorists and success-haters. Why can't MS make newer releases of their OSes atleast immune to known viruses and the associated vulnerabilities???

Every new release of s/w causes some code to break - a game here, a dll there, an application and so forth. The only thing that runs well on all flavours of MS OSes from DOS to XP is viruses!

It's easier to obfuscate and profitable as well, apparently.

Most people can't do both.

[Futurepower(R)]

Very, very few people, apparently, have both technical knowledge and managerial knowledge.

The problem mentioned in the Slashdot story appears to be that Bruce Chizen, Adobe president, is not prepared for the intellectual challenge of running a technical company. He's been a salesman and marketing manager all his life. Now Adobe has become dependent on Acrobat, and has a big customer for Acrobat, the IRS (U.S. Internal Revenue Service).

It's amazing. The job pays extremely well, even though the smart people are gone, Adobe has laid off people, and the stock is slowly sliding.

We live in a business climate in which a few people at the top make a huge amount of money, and other people suffer, even though they helped make the money.

There seems to be a pattern with technological companies. The people who really understand the technology get tired and go on to other things, or are forced out of the company they founded (as was Jobs at Apple). Everyone pretends that nothing has happened, and the company runs on inertia for a while. With luck, the new managers, who try to hide the fact that they really don't understand what the company does, encounter a business upturn. But inside the company is dying.

John Sculley was a sugar water salesman (Pepsi) before he came to Apple and forced Jobs out. Apple looked okay for a while, but slowly lost importance. Then Jobs came back, and Apple became very important.

Adobe's Postscript is brilliant technology. Using Postscript to make PDF files is brilliant. Knowing what photo editing tools need to go into Photoshop requires deep technical understanding. Probably Bruce Chizen understands none of this. Can a manager run something he does not understand? No.