Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Flaw Allows Full Movie Downloads For Free

Posted by Soulskill on from the it's-not-a-bug-it's-a-feature dept.

webax writes with this excerpt from Reuters: "[An Adobe security hole] exposes online video content to the rampant piracy that plagued the music industry during the Napster era and is undermining efforts by retailers, movie studios and television networks to cash in on a huge Web audience. 'It's a fundamental flaw in the Adobe design. This was designed stupidly,' said Bruce Schneier ... The flaw rests in Adobe's Flash video servers that are connected to the company's players installed in nearly all of the world's Web-connected computers. The software doesn't encrypt online content, but only orders sent to a video player such as start and stop play. To boost download speeds, Adobe dropped a stringent security feature that protects the connection between the Adobe software and its players." webax also notes that the article suggests DRM as a potential solution to the problem.

21 of 166 comments (clear)

  1. Ixnay ehtay olehay iscussionday by Anonymous Coward · · Score: 5, Funny

    Eriouslysay.

  2. Doublethink by QuantumG · · Score: 5, Insightful

    Wow, so even Bruce Schneier is subject to the DRM double think now? What part of this is hard to understand? You have to give the viewer the key so it can decrypt the video stream and play it to the user.. if the user can see it, the user can record it. Game over. No amount of "encryption" can change the facts.

    --
    How we know is more important than what we know.
    1. Re:Doublethink by The+Iso · · Score: 5, Informative

      Schneier didn't write the article. He is only quoted briefly.

      --
      "You don't need a weatherman to know which way the wind blows." - Bob Dylan
    2. Re:Doublethink by Anonymous Coward · · Score: 4, Funny
      From TFA:

      To boost download speeds, Adobe dropped a stringent security feature that protects the connection between the Adobe software and its players." webax also notes that the article suggests DRM as a potential solution to the problem.

      Whoa. Just...whoa. Friday night cognitive dissonance too much to handle!

    3. Re:Doublethink by David+Jao · · Score: 4, Interesting

      The dumb part here is that they send the whole movie to your computer even if you're just watching the free two-minute preview. The two-minute restriction is only enforced in the flash applet. Now, no amount of DRM can stop a paying customer from copying the movie, but a smartly designed system could certainly make the customer pay for the movie before giving the whole movie to them.

    4. Re:Doublethink by Spy+der+Mann · · Score: 5, Insightful

      The dumb part here is that they send the whole movie to your computer even if you're just watching the free two-minute preview. The two-minute restriction is only enforced in the flash applet.

      Web programming 101.
      Children, repeat after me: When you program for the web, NEVER, EVER trust the client.

    5. Re:Doublethink by TubeSteak · · Score: 4, Insightful

      Now, no amount of DRM can stop a paying customer from copying the movie, but a smartly designed system could certainly make the customer pay for the movie before giving the whole movie to them.

      Having the preview show you a preview length clip is not a "smartly designed system" it is basic common sense.

      Any site that try to protect their content with stupid tricks instead of creating separate content for the preview honestly deserve what comes their way.

      I guess content providers have to make a decision as to which is cheaper &/or better:
      1. Licensing DRM
      2. Buying extra hard drives to store preview clips instead of streaming from the full movie/audio/whatever

      --
      [Fuck Beta]
      o0t!
    6. Re:Doublethink by logicmethod · · Score: 4, Insightful

      Flash Player has had the critical flaw of not being able to cancel HTTP requests for years. This causes all kinds of problems for Flash / Flex developers across the board, not only for media streaming applications. Adobe has finally implemented a fix in Flash Player 10--which should be out of beta in the next few weeks--that allows the developer to actually cancel a request and stop the stream. The development community has been bringing this to Adobe's attention for years, and why it has only yet to be addressed is beyond me--it seems so basic. I agree that it isn't a great idea to use the actual media for a preview versus creating a separate preview version, but this flaw makes it extremely easy to grab any file that Flash requests.

    7. Re:Doublethink by squiggleslash · · Score: 5, Insightful

      Well, there are many points to the article, but one of them is that someone can watch the movie for free because Adobe's server software is set up to continue streaming the movies after showing the free "clip". That, indeed, is "stupid", it relies upon trusted client software. DRM is one solution to this problem, but another is not to stream content to people's PCs they haven't paid for.

      --
      You are not alone. This is not normal. None of this is normal.
  3. Ming boggles... by PineGreen · · Score: 5, Insightful

    ...at how fuckin dumb this all is. If you can see it, you can copy it, maybe it is more difficult, but not impossible. Do these idiots never ever learn?

    1. Re:Ming boggles... by gardyloo · · Score: 4, Funny

      He's also Merciless!

  4. in case you hadn't noticed by drDugan · · Score: 5, Insightful

    sadly, axxo and fxg and their black market friends already figured out years ago how to get movies for free to most anyone willing to look for them. it brings the end of an industry in it's current form.

    There are better models: allow people, if they choose, to take media without paying for it, but give them credit, additional access, and membership benefits when customers do sponsor/pay for the media they consume. It is really not that complicated... find something you can sell because you can no longer technically control the distribution of your product.

    Major media producers cannot change the progression of technology with policy and lawsuits. They would be so much better off to adopt what tech can enable, and build effective business models around providing customers with real value when they do pay for media, instead of using fear and lawsuits to force them to pay when they don't have to.

  5. Re:Switcheroo by fuzzyfuzzyfungus · · Score: 4, Insightful

    Typically, DRM related security bugs get fixed markedly faster than do security bugs that threaten the security of the computer the software is installed on. Just to remind you who the customer is, and who the consumer is, y'know.

  6. The internet enables free downloads. Seriously. by xigxag · · Score: 5, Funny

    You know what else allows full movie downloads for free?

    THE INTERNET.

       

    --
    There are two kinds of people: 1) those who start arrays with one and 1) those who start them with zero.
  7. This is new? by Toonol · · Score: 4, Insightful

    Doesn't everybody know that all flash video is easily accessible? Most of the time it's just a case of dragging it out of the cache. Sometimes you need to jump through more hoops, but I thought it was common knowledge that you could download it all.

    You have to re-encode it if you want to, say, burn it on dvd, but that's not too hard. I use winFF (yes, I use windows).

  8. From the article: by jrockway · · Score: 5, Insightful

    The problem exposes online video content to the rampant piracy that plagued the music industry during the Napster era and is undermining efforts by retailers, movie studios and television networks to cash in on a huge Web audience.

    Uh, the pirates were already uploading the full HD rips to Usenet days before the movies were even released. No pirate would want the shitty version Amazon is offering.

    --
    My other car is first.
  9. Not really a flaw by Wesley+Felter · · Score: 5, Informative

    There are two separate issues mentioned in the article.

    1. HTTP and RTMP are not encrypted and thus it's trivial to record any video sent over these protocols. This is well-documented and I'd hardly consider it a flaw. Flash 9u3 has DRM (RTMPE+verification), but most Web sites don't bother to use it.

    2. Apparently Amazon's movie store server will send the whole video whether the customer has purchased it or not. This is a bug, but it's Amazon's fault not Adobe's and Amazon should be able to fix it easily enough. Also, they're apparently not using all the DRM features available in Flash so their videos aren't as protected as they could be.

    AFAIK Flash DRM hasn't been cracked yet because no one uses it. I'm not an advocate of DRM, but as a practical matter I find it works better when you actually turn it on.

  10. Summary of "news" story... by evilviper · · Score: 5, Interesting

    In summary:

    Amazon.com is staffed by idiots... They thought it would be safe to stream the ENTIRE MOVIE, to anyone, FOR FREE. The ONLY protection being that they send a command to the Flash Player to "pause" playback after 2 minutes for those that haven't paid to watch the whole thing. Cheap software and instructions have sprung up all over the web, and everybody knows Amazon.com is going to get a boot up the ass by the media companies, and fix this "security" issue any second now.

    DRM is utterly redundant. They just need someone with 3-digit IQ in the company to teach them how to make a 2 minute excerpt clip that is free and publicly accessible, while keeping the full video password-protected.

    This is about on-par with an Apache "security announcement" that even if you don't make a link to a document on your HTTP server, it's still accessible! The horror!

    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  11. flaw? by theheadlessrabbit · · Score: 4, Funny

    "Adobe Flaw Allows Full Movie Downloads For Free"

    its not a flaw, its a feature!

    --
    -I only code in BASIC.-
  12. It's like 0-day shipping by iabervon · · Score: 5, Funny

    It's just like their instant delivery service, available for items that you've put on your wish list in advance. The way it works is that, when you put an item on your wish list, they ship it to you. Then, if you buy it, they give you the tracking number, you go to the shipper's site, and find that the item is on your porch, at which point you bring it inside and open it. If you don't buy it, eventually the shipper notices that it's been sitting on your porch for a while unclaimed and brings it back to Amazon.

  13. In related news ... by dougmc · · Score: 4, Funny

    In related news, researches have discovered that Gutenberg's printing press has similar flaws. By using modern technology such as photocopiers or cameras, or older technology such as monks and pens (or additional printing presses) criminals can create nearly identical copies of items printed with the press, depriving the original creators of the material of much needed compensation.

    Gutenberg did not immediately return calls for comment, however it's theorized that he did not build in an encryption option to his printing press in order to boot comprehension speeds (Simple substitution ciphers were well established at the time of the creation of the printing press, and Gutenburg could have easily applied their techniques in the creation of his press, however it's not entire certain how effective it would have been at preventing piracy. (Somewhat (at most) effective DRM techniques were developed centuries later.))