The problem exposes online video content to the rampant piracy that plagued the music industry during the Napster era and is undermining efforts by retailers, movie studios and television networks to cash in on a huge Web audience.
"It’s a fundamental flaw in the Adobe design. This was designed stupidly," said Bruce Schneier, a security expert who is also the chief security technology officer at British Telecom.
The flaw rests in Adobe’s Flash video servers that are connected to the company’s players installed in nearly all of the world’s Web-connected computers.
The software doesn’t encrypt online content, but only orders sent to a video player such as start and stop play. To boost download speeds, Adobe dropped a stringent security feature that protects the connection between the Adobe software and its players.
"Adobe is committed to the security of all of our products, from our players to our server software. Adobe invests a considerable amount of ongoing effort to help protect users from potential vulnerabilities," it said in a statement.
Adobe said it issued a security bulletin earlier this month about how best to protect online content and called on its customers to couple its software security with a feature that verifies the validity of its video player. Read more...
If you're new here, you may want to subscribe to our RSS feeds. Thanks for visiting!
