[Author Prev][Author Next][Thread Prev][Thread Next]
[Author Index (this month)][Thread Index (this month)][Top of Archive]

RE: More ethics...

Subject: RE: More ethics...
From: Kelley <kwalker2 -at- gte -dot- net>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Mon, 20 Aug 2001 01:23:59 -0400

Here's what the promo copy says for eBookpro:

"the only software in the world that makes your information virtually *100% * *burglarproof*! It comes with a lifetime, money-back guarantee!"

...

"At last, You Can Sell Information Online (And Make Thousands of Sales Per Day)--_Without_ The Danger of Having Your Information _Stolen_ and _Resold_ By Others"

Skylarov shows how easily cracked it is:

*)"Uses fixed encryption key for all documents"
*)Key could be easily found as text string inside the body of plug-in"

or, for another vendor:

*)"FileOpen Publisher2.3 encrypts ALL documents with one fixed key"

*)"FileOpen Publisher 2.4 uses variant keys, but the encrypted
document itself contains all necessary information to instantly
calculate encryption key"

and so forth ... Basically, the Adobe crack here amounts to finding out that, after all the security acrobatics (heh) Adobe went through, there was still an incredibly easy way to crack their product.

http://www.treachery.net/~jdyson/ebooks/

ooops! I've just distributed "illegal" information.

Andrew Plato wrote:

No, they might not have distributed the illegal material themselves, but
they provided the tools to do so with some prior knowledge that people
would use those tools to break the law. That is illegal.

If this were true, then I should be arrested for distributing the info above. So should the fellah who is hosting this PowerPoint of Skylarov's Defcon presentation, "Exposure of Adobe's Criminal Conduct."

Why did Skylarov do this? I don't know since I can't read minds. But I'm pretty sure, given the title of the presentation, that the guy is nauseated that, of the millions of excellent security pros out there, Adobe couldn't find it in their budget to hire one or ten. Or, as is more likely the case, the management of this project was horribly botched.

Now, on your logic, my distribution of this information, as well as Jay D. Dyson's and countless others who forwarded it, is breaking the law because we pass along information about how it is possible to steal something.

In this case, doing so, as Skylarov did, to expose the idiocy of a corporation that created a very insecure product was not an attack on Adobe, let alone an attack on authors who have spent or might have spent a small fortune to use products they've been told is secure. It wasn't an attempt to steal anything, but to show people--the corporate types who attend Defcon (there are many)--how ridiculously easy it is to break Adobe's "security".

Frankly, I'd say it's more akin to a Ralph Nader-like action designed to inform consumers that what they're buying is snake oil.

As someone pointed out already, it's a Good Thing (tm) that someone bothered to keep Adobe on their toes. It's a very Bad Thing (does anyone have the trademark on that? :) that Adobe didn't hire competent people in the first place.


Kelley

--
Kelley Walker
Organizational Researcher/Technical Writer
Interpact Inc., Security Awareness
www.interpactinc.com/

Internet & Computer Ethics for Kids: www.nicekids.net/




^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

*** Deva(tm) Tools for Dreamweaver and Deva(tm) Search ***
Build Contents, Indexes, and Search for Web Sites and Help Systems
Available now at http://www.devahelp.com or info -at- devahelp -dot- com

A landmark hotel, one of America's most beautiful cities, and three and a half days of immersion in the state of the art:
IPCC 01, Oct. 24-27 in Santa Fe. http://ieeepcs.org/2001/

---
You are currently subscribed to techwr-l as: archive -at- raycomm -dot- com
To unsubscribe send a blank email to leave-techwr-l-obscured -at- lists -dot- raycomm -dot- com
Send administrative questions to ejray -at- raycomm -dot- com -dot- Visit http://www.raycomm.com/techwhirl/ for more resources and info.

References:
RE: More ethics...: From: David Knopf
RE: More ethics...: From: Andrew Plato

Previous by Author: RE: There's something about...................Technical Writers
Next by Author: Re: Asimov - Assumptions, the audience and arithmetic - Rant?
Previous by Thread: RE: More ethics...
Next by Thread: RE: More ethics...

[Top of Archive] | [Author Index (this month)] | [Thread Index (this month)]

What this post helpful? Share it with friends and colleagues:

Sponsored Ads