Adobe Software Flaw Allows Free Movie Downloads

September 26th, 2008

Adobe Software Flaw Allows Free Movie Downloads

A security hole in Adobe Systems Inc software, used to distribute movies and TV shows over the Internet, is giving users free access to record and copy from Amazon.com Inc’s video streaming service. The flaw rests in Adobe’s Flash video servers that are connected to the company’s players installed in nearly all of the world’s Web-connected computers.

The problem exposes online video content to the rampant piracy that plagued the music industry during the Napster era and is undermining efforts by retailers, movie studios and television networks to cash in on a huge Web audience. “It’s a fundamental flaw in the Adobe design. This was designed stupidly,” said Bruce Schneier, a security expert who is also the chief security technology officer at British Telecom.

The software doesn’t encrypt online content, but only orders sent to a video player such as start and stop play. To boost download speeds, Adobe dropped a stringent security feature that protects the connection between the Adobe software and its players.

The free demo version of Replay Media Catcher allows anyone to watch 75 percent of anything recorded and 100 percent of YouTube videos. For $39, a user can watch everything recorded. Tvadfree.com explains step-by-step how to use the video stream catching software.

Amazon.com’s Adobe-powered Video On Demand service allows viewers to watch the first two minutes of a movie or TV show for free. It charges up to $3.99 to rent a movie for 24 hours and up to $14.99 to download a movie permanently. Amazon starts to stream the entire movie during the free preview — even though it pauses the video on the Web browser after the first two minutes — so that users can start watching the rest of the video right away once they pay. However, even if a user doesn’t pay, the stream still sends the movie to the video catching software, but not the browser.

Amazon’s Video On Demand is the Web retailer’s answer to declining sales of packaged movies and TV shows and the growth in demand for digital content that can be viewed and stored on the Internet.

One possible solution would be to protect the video with a digital rights management (DRM) system. A Seattle-based company called Widevine Technologies has a DRM system that can encrypt online videos using Flash.

Adobe said it issued a security bulletin earlier this month about how best to protect online content and called on its customers to couple its software security with a feature that verifies the validity of its video player.

An Amazon spokesman said content on the company’s Video On Demand service, which offers as many as 40,000 movies and TV shows on its Web site, cannot be pirated using video stream catching software.

Credit: Reuters@Yahoo News

Share this item with others:

More on CyberInsecure:

Recently Patched Adobe Reader Flaw Used By Miscreants To Hijack PCs

Code Execution Flaws Patched In Apple QuickTime 7.6

Adobe Patches Older Reader PDF Flaw, In Total 8 Vulnerabilities Patched

Unpatched 0-day PDF Flaw Harnessed To Launch Targeted Attacks

AVG Free Security Scanner Goes Multi-Lingual

Posted in Adobe, Vulnerabilities |

Print This Post

This entry was posted on Friday, September 26th, 2008 at 5:58 pm and is filed under Adobe, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

If you found this information useful, consider linking to it from your own website.
Just copy and paste the code below into your website (Ctrl+C to copy)
It will look like this: Adobe Software Flaw Allows Free Movie Downloads