
Adobe Flaw Allows Full Movie Downloads For Free

Posted by Soulskill
from the it's-not-a-bug-it's-a-feature dept.
webax writes with this excerpt from Reuters: "[An Adobe security hole] exposes online video content to the rampant piracy that plagued the music industry during the Napster era and is undermining efforts by retailers, movie studios and television networks to cash in on a huge Web audience. 'It's a fundamental flaw in the Adobe design. This was designed stupidly,' said Bruce Schneier ... The flaw rests in Adobe's Flash video servers that are connected to the company's players installed in nearly all of the world's Web-connected computers. The software doesn't encrypt online content, but only orders sent to a video player such as start and stop play. To boost download speeds, Adobe dropped a stringent security feature that protects the connection between the Adobe software and its players." webax also notes that the article suggests DRM as a potential solution to the problem.
  • by Anonymous Coward on Friday September 26, 2008 @10:56PM (#25174759)

    Eriouslysay.

  • Doublethink (Score:5, Insightful)

    by QuantumG (50515) * <qg@biodome.org> on Friday September 26, 2008 @10:56PM (#25174765) Homepage Journal

    Wow, so even Bruce Schneier is subject to the DRM double think now? What part of this is hard to understand? You have to give the viewer the key so it can decrypt the video stream and play it to the user.. if the user can see it, the user can record it. Game over. No amount of "encryption" can change the facts.

    • Re:Doublethink (Score:5, Informative)

      by The Iso (1088207) on Friday September 26, 2008 @11:00PM (#25174781)

      Schneier didn't write the article. He is only quoted briefly.

      • by Anonymous Coward on Friday September 26, 2008 @11:02PM (#25174799)
        From TFA:

        To boost download speeds, Adobe dropped a stringent security feature that protects the connection between the Adobe software and its players." webax also notes that the article suggests DRM as a potential solution to the problem.

        Whoa. Just...whoa. Friday night cognitive dissonance too much to handle!

        • hey, i know the best security method if you don't want people having unfettered access to your video content--don't stream it over the internet.

          • Exactly. Even if Adobe had encryption, there are still ways to capture anything shown on the screen. One solution uses software to do screen image captures 10, 15, or 30 times a second. If that doesn't work, a less-elegant but still workable solution is to point a camcorder at the screen and press record.

            Although, I'm not sure why somebody would even *want* to capture streaming video. (1) Its bitrate is low and poor quality (typically 500 kbit/s). Plus (2) you can buy the content cheaply ($30-50 per t

            • Re: (Score:3, Insightful)

              by debatem1 (1087307)
              "There is no cryptographic solution to the problem in which the attacker and intended recipient are the same person"
              When will they learn?
              • I think that depends on how you define 'attacker' and 'intended recipient'.

                For example, logic would dictate that with conventional DRM schemes, the 'intended recipient' is not the person who bought the material, but rather the system which is authorized to receive it.

                That creates a different paradigm, to which there are many cryptographic solutions but similarly, to which there are dozens of attack vectors due to having the decryption hardware essentially in enemy hands.

                However, that's not to say it's at al

                • in other words, giving consumers less control over the system they purchased, and handing that control over to corporate industries.

                  so i guess i'm just leasing the computer i paid $2-3 grand for. i guess that's about right as that's pretty much how DVDs, CDs, downloadable music, ebooks, etc. already work.

                  • Why do you conflate 'purchase' with 'own'? The two are not synonymous. Leasing is not necessarily the only alternative, either.

                    • of course not. owning something doesn't require a purchase, and "purchased" doesn't imply current ownership. but those are petty semantics. the fact is, when you purchase something, you are trading money in exchange for the transfer of ownership--even if it's ownership of a license.

                      even if we ignore the issue of consumer rights, unless the seller explicitly states otherwise, when you purchase something it's assumed that you are in fact purchasing that item--not just a license to use it (i hope i don't have

                    • That's not necessary. We exist in a 'twisted communist system' whereby all physical property is owned by the government, and individuals and businesses simply hold licenses to use 'their' computers, MP3/CD/DVD players, books, etc. within the terms specified by their government masters.

                      You don't believe me? Go ask a lawyer about fee simple and allodial title.

                • by debatem1 (1087307)
                  The goal of cryptography is not to protect mechanisms, it is to protect information. An attacker, then, is anybody who you do not want to have the information you are trying to protect, while an intended recipient is anybody you do want to have that information. So, if the world is divided neatly into customers and pirates, cryptography has powerful mechanisms to protect your interests. But if even one individual can be a member of both groups, cryptographic mechanisms will fail to provide security of any p
                  • You miss my point. Encryption is about securing a communication between two points. The consumer, however, is not a 'point' because the consumer cannot decrypt the information (we do not all have built in decryption hardware in our brains).

                    This is true of all modern cryptosystems, without exception. Rather, the system that conducts the decryption is the end-point.

                    A cryptosystem is not designed to defend against an attack on the plaintext; that is, a cryptosystem does not exist that protects information that

                    • by debatem1 (1087307)
                      That's my point. DRM *is* designed to protect against plaintext theft. The use of cryptographic mechanisms to secure the data from point A to point B is irrelevant when your endpoint is untrusted.
                      The point about consumers not being endpoints is pretty much moot, however- whether it is on the network, in RAM, on the graphics hardware, or on the monitor, there is a point at which it will be in the machine and cleartext. At that point it will always be vulnerable.
                    • DRM is not designed to protect against plaintext theft. Notice it's called 'DIGITAL rights management'.

                      Moreover, your argument that there will always be a digital point at which the information will be extractable cleartext is fallacious. That's simply a matter of correct systems design, nothing more complicated.

                    • by debatem1 (1087307)
                      My God, you've figured out how to encrypt pixels! Genius! Let me know when you've got it working.
                      Seriously, though, I'm not sure why you think that plaintext can't be digital, but it is most certainly the case that so long as your user does not have an in-brain decryption mechanism, it will be the machine's job to render unto them movies, music, and TV in such a way that they can process it. If this is the case, then so long as you do not control the pipe between your system and them, they will always be a
                • This does not change a thing, because the system has by definition to give it to the user in an unencrypted form.

                  There are simple rules to this:

                  • The user has to sense it in a way he understands.
                  • There are recording devices for every computer output that humans can understand.
                  • If he can understand the original, he can understand the recorded copy.

                  Now put your geek card on the table and slowly move away from the computer. We are taking you to the DRM hell.

                  • My point is that, in reply to the original post, which said:

                    "There is no cryptographic solution to the problem in which the attacker and intended recipient are the same person"

                    I am simply pointing out that that is not a problem that cryptosystems are designed to solve.

                    Of course there's no solution- you're looking at the wrong problem.

                    DRM, exactly what it says (Digital Rights Management) is a complicated cryptographic problem that can be solved technologically with correct systems design.

                    There are a handful

                    • by schon (31600)

                      I am simply pointing out that that is not a problem that cryptosystems are designed to solve.

                      While that statement is correct, that is *NOT* what you are pointing out. In fact, it is the complete *opposite* of what you are pointing out.

                      This statement is precisely what debatem1 said when he said

                      There is no cryptographic solution to the problem in which the attacker and intended recipient are the same person

                      , and which you directly attacked.

                      DRM, exactly what it says (Digital Rights Management) is a complicated cryptographic problem that can be solved technologically with correct systems design.

                      No, it can't. DRM by definition requires you to give the cryptographic keys to the end user. (Because the end-user must be allowed to view the content.) Every end-user is also a potential attacker (because if they weren't, then DRM is not needed.) If the attacker must ha

                    • by debatem1 (1087307)
                      Thank you; you've stated the case quite a bit more clearly than I could have.
              • "There is no cryptographic solution to the problem in which the attacker and intended recipient are the same person"
                When will they learn?

                Um.. that's the entire point of Microsoft Vista! Xbox 360 works flawlessly... of course the owner of the machine is a "user" not an "owner" and the machine is not programmable. If you want real security you treat the end user as hostile.

                • by debatem1 (1087307)
                  My point is that even if you completely secure the machine, if the attacker and intended recipient are the same person, all you have done is make a very complicated system for delivering cleartext to your attacker. The intent of the system is irrelevant.
      • Re: (Score:3, Funny)

        by QuantumG (50515) *

        I know, I actually read the article. Strange to be sure.

    • Re:Doublethink (Score:4, Insightful)

      by lysergic.acid (845423) on Friday September 26, 2008 @11:24PM (#25174917) Homepage

      yea, i think Adobe did the smart/sensible thing by leaving the stream unencrypted to boost download speeds. performance and speed are major considerations for streaming media.

      like you said, you ultimately have to give the user access to the unencrypted data so that they can view the content. so if they had done what the author suggests they should have done, then they would have just ended up with a streaming technology that's slower & wastes more bandwidth, and the DRM scheme still would have been easily bypassed by hackers.

      it's pointless to apply DRM to web content, as it is with offline content. it's always amusing to see website developers try to prevent visitors from saving images from the site--which is especially annoying when they use JavaScript to disable right-clicking, as if that'll stop anyone from saving an image to disc when it's already on their hard drive. these petty tactics simply insult visitors to the site and create a major annoyance for anyone who simply wants to access a command from the context menu. but i guess driving visitors away and decreasing the traffic to your site would reduce the chance of people stealing your precious lossy, lo-res jpeg images.

      • Re:Doublethink (Score:5, Interesting)

        by David Jao (2759) <djao@dominia.org> on Friday September 26, 2008 @11:34PM (#25174963) Homepage
        The dumb part here is that they send the whole movie to your computer even if you're just watching the free two-minute preview. The two-minute restriction is only enforced in the flash applet. Now, no amount of DRM can stop a paying customer from copying the movie, but a smartly designed system could certainly make the customer pay for the movie before giving the whole movie to them.
        • Re:Doublethink (Score:5, Insightful)

          by Spy der Mann (805235) <spydermann.slashdot@NOspam.gmail.com> on Saturday September 27, 2008 @01:02AM (#25175299) Homepage Journal

          The dumb part here is that they send the whole movie to your computer even if you're just watching the free two-minute preview. The two-minute restriction is only enforced in the flash applet.

          Web programming 101.
          Children, repeat after me: When you program for the web, NEVER, EVER trust the client.

        • Re:Doublethink (Score:5, Insightful)

          by TubeSteak (669689) on Saturday September 27, 2008 @01:02AM (#25175301) Journal

          Now, no amount of DRM can stop a paying customer from copying the movie, but a smartly designed system could certainly make the customer pay for the movie before giving the whole movie to them.

          Having the preview show you a preview length clip is not a "smartly designed system" it is basic common sense.

          Any site that tries to protect their content with stupid tricks instead of creating separate content for the preview honestly deserves what comes their way.

          I guess content providers have to make a decision as to which is cheaper &/or better:
          1. Licensing DRM
          2. Buying extra hard drives to store preview clips instead of streaming from the full movie/audio/whatever

          • by MichaelPenne (605299) on Saturday September 27, 2008 @03:31AM (#25175785) Homepage

            Any site that tries to protect their content with stupid tricks

            Actually, what they did was trade-off stream security for the user experience - if the stream does pre-load, then the viewer can start viewing the movie much faster after they pay.

            It's a good trick if most of your users do pay, as they get the video they pay for much faster (since it's already pre-loaded) than would be possible if the paid content was sent in a separate stream that did not start until after the payment was processed.

            Mainly, this is an artifact of delivering video via http/progressive download vs. rtsp - you have a few options:
            1. deliver one stream - tradeoff - geeks can view for free
            2. deliver two streams - tradeoff - slow, annoying start up while you wait for the second stream to load enough to start playing
            3. use rtsp - tradeoff - reduces the quality of the video to match minimum bandwidth between the server and the viewer

            For really secure video, you'd use either RTSP or DRM (or both 8-0), but they both have other problems with quality and user experience.

            I guess a system designed by a video geek would probably lean towards providing the best quality viewing experience while making it possible for a geek to get the video for free:-).

          • Any site that tries to protect their content with stupid tricks

            Actually, what they did was trade-off stream security for the user experience - if the stream does pre-load, then the viewer can start viewing the movie much faster after they pay.

            It's actually kind of a _good trick_ if enough of your users do pay, as they get the video they pay for much faster (since it's already pre-loaded) than if the paid content was sent in a separate stream that did not start until after the payment was processed. Faster vi

          • Re: (Score:3, Interesting)

            Lots of folks here need to review the Palladium toolkit, renamed 'Trusted Computing'. It's designed to lock files to applications to hardware, in a triad specifically set up to control what users can do with their files and make them unavailable except for owner authorized software with centralized key management. This sort of thing is _precisely_ what it was designed for: the security enhancements it provides are potentially useful, but DRM is clearly its fundamental purpose.
      • only extra processor cycles at both ends... the content has exactly the same length of bytes, just got bits shifted in a weird and wonderful pattern according to the encryption algorithm and the keys
    • He may have been commenting about the part where they send people the entire movie before they've paid for it, so that it can start playing sooner once they pay. That is a truly boneheaded move regardless of what you think of DRM.

    • by peter (3389)

      As others have said, streaming un-paid-for unencrypted video is dumb.

      You could send the first couple minutes unencrypted since anyone can watch it free (preview). Then start streaming the rest encrypted, and send the decryption key when the user pays. It doesn't have to be DRM, it could just decrypt the file.

    • Re:Doublethink (Score:4, Insightful)

      by logicmethod (785495) on Saturday September 27, 2008 @06:11AM (#25176373)
      Flash Player has had the critical flaw of not being able to cancel HTTP requests for years. This causes all kinds of problems for Flash / Flex developers across the board, not only for media streaming applications. Adobe has finally implemented a fix in Flash Player 10--which should be out of beta in the next few weeks--that allows the developer to actually cancel a request and stop the stream. The development community has been bringing this to Adobe's attention for years, and why it has only yet to be addressed is beyond me--it seems so basic. I agree that it isn't a great idea to use the actual media for a preview versus creating a separate preview version, but this flaw makes it extremely easy to grab any file that Flash requests.
    • by pv2b (231846)

      Actually, this isn't as bad an idea as you might think.

      Consider what Adobe's goal in all this is. They want to be able to stream an entire video to your computer, in anticipation that you will pay for it. They could conceivably do this by transmitting the video to the presumptive buyer encrypted. At purchase, Adobe's servers would transmit the decryption key.

      Now, true, this won't do anything to stop anybody from copying the video *after* it's been paid for. But in this particular case, encryption technology

  • Ming boggles... (Score:5, Insightful)

    by PineGreen (446635) on Friday September 26, 2008 @11:03PM (#25174803) Homepage

    ...at how fuckin dumb this all is. If you can see it, you can copy it, maybe it is more difficult, but not impossible. Do these idiots never ever learn?

    • Re: (Score:3, Interesting)

      by clarkkent09 (1104833)
      Yes you can, but yes it's more difficult so not as many people do it and those who do will not do it as often. I guess that's the thinking, if you can't stop it altogether, making it even a bit harder is a step in the right direction from their point of view and it does make some sense
    • Re: (Score:3, Insightful)

      by Vladus2000 (1363929)

      The key isn't stopping everyone, it's stopping your average stupid computer user from doing it. That is all they need to achieve. When even John McCain can figure out how to pirate something, then the copyright holders are really screwed.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        The key isn't stopping everyone, it's stopping your average stupid computer user from doing it.

        Average Stupid Computer User will not be doing it, anyways. He will go to something like The Pirate Bay and download it from there, after one Above Average Stupid Computer User did it and put it there.

    • by gardyloo (512791) on Saturday September 27, 2008 @12:09AM (#25175095)

      He's also Merciless!

    • by symbolset (646467) on Saturday September 27, 2008 @12:53AM (#25175257) Journal

      Actually I do have a bulletproof method of DRM that customers will accept. There's no patent - it's currently a trade secret. I could show them how it works without revealing the secret, and they could license it from me.

      I only want $40m cash up front, and 10% of the back end.

      I'm calling it MP[34]. Of course with licensing comes naming rights. I think "Plays For Now" is not yet taken.

  • by drDugan (219551) on Friday September 26, 2008 @11:06PM (#25174817) Homepage

    sadly, axxo and fxg and their black market friends already figured out years ago how to get movies for free to most anyone willing to look for them. it brings the end of an industry in its current form.

    There are better models: allow people, if they choose, to take media without paying for it, but give them credit, additional access, and membership benefits when customers do sponsor/pay for the media they consume. It is really not that complicated... find something you can sell because you can no longer technically control the distribution of your product.

    Major media producers cannot change the progression of technology with policy and lawsuits. They would be so much better off to adopt what tech can enable, and build effective business models around providing customers with real value when they do pay for media, instead of using fear and lawsuits to force them to pay when they don't have to.

  • by D4C5CE (578304) on Friday September 26, 2008 @11:17PM (#25174873)

    the article suggests DRM as a potential solution to the problem

    Restrictions pitting a computer against its owner (and wasting time and energy to further a business model built on distrust) are always a problem [wikipedia.org], and the proof that some technologies can be inherently evil.

  • From the article (Score:3, Insightful)

    by superphreak (785821) on Friday September 26, 2008 @11:18PM (#25174879) Homepage
    The free demo version of Replay Media Catcher allows anyone to watch 75 percent of anything recorded and 100 percent of YouTube videos. For $39, a user can watch everything recorded.
    One Web site -- www.tvadfree.com -- explains step-by-step how to use the video stream catching software.
    [snip]
    Forrester analyst James McQuivey said he doesn't believe the video stream catching technology will entirely derail the advertising-supported business model used by the networks for online video.
    "It's too complicated for most users," said McQuivey, noting that file-sharing services like BitTorrent already exist but only a small percentage of people use them.


    See? He (whoever he is...) thinks piracy won't be a problem... it's too complicated to pirate stuff... people would rather pay... something like that anyway. And he's an analyst, so that makes it official, right?
    • See? He (whoever he is...) thinks piracy won't be a problem... it's too complicated to pirate stuff... people would rather pay... something like that anyway. And he's an analyst, so that makes it official, right?

      Really?

      Lemme throttle down bittorrent so I can load that article.

    • by rts008 (812749)

      Firefox + dwhelper extension has handled this for some time now...any 'media' on the site, audio, video-captures youtube flash vid's just fine!

  • by fuzzyfuzzyfungus (1223518) on Friday September 26, 2008 @11:23PM (#25174913) Journal
    As we all love to repeat, DRM is folly, giving a man a locked box and the key, security through obscurity, mere obfuscation, inevitably cracked, etc. So, a story about yet another broken DRM system is hardly exciting.

    What is amusing, in this case, is that we have a DRM system so broken that it includes a vulnerability of the kind that is theoretically fixable. Essentially, Amazon streams the first couple of minutes of whatever it is to you for free. To get more, you have to pay. However, thanks to this bug, Amazon doesn't actually stop streaming at two minutes, just sends a command to the player to stop playing. The video that you aren't supposed to see ends up, inadequately obfuscated, somewhere on your system.

    That is the pathetic bit. It is ultimately impossible to control what another computer does; but it is merely a matter of good engineering to control what yours does. Server access control vs. DRM. Here, the system is so broken that Amazon's servers are essentially handing out video that they don't want copied to anybody who asks for it, at which time it is protected only by the usual doomed local DRM. Thanks to badly designed DRM, the system is less secure than that ever so early 90's "on payment, we email you a one time use link to a direct download" content protection scheme. Ha-ha.
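The "server access control vs. DRM" distinction drawn in the comments above, as an added example that is not part of the original thread and is not Amazon's or Adobe's code. It contrasts a server that sends everything and only orders the player to pause with one that clamps the byte range itself unless the request carries a signed, expiring purchase token; the key, sizes, ids and function names are all constructed for illustration.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"   # constructed; a real key lives in a secret store
MOVIE = bytes(range(256)) * 40         # constructed 10,240-byte stand-in for a film
PREVIEW_BYTES = 2048                   # constructed size of the free preview


def _sign(user_id, title_id, expires, key):
    """HMAC over the fields the server wants to be able to trust later."""
    msg = f"{user_id}|{title_id}|{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_entitlement(user_id, title_id, now, ttl=3600, key=SERVER_KEY):
    """Called by the payment handler only after a purchase has succeeded."""
    if "|" in user_id or "|" in title_id:
        raise ValueError("ids must not contain the field separator")
    expires = int(now) + ttl
    sig = _sign(user_id, title_id, expires, key)
    return f"{user_id}|{title_id}|{expires}|{sig}"


def entitlement_valid(token, user_id, title_id, now, key=SERVER_KEY):
    """True only for an unexpired token the server issued for this user and title."""
    parts = (token or "").split("|")
    if len(parts) != 4:
        return False
    tok_user, tok_title, expires, sig = parts
    expected = _sign(tok_user, tok_title, expires, key)
    # Constant-time comparison; bytes so that non-ASCII input cannot raise.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    # The signature checked out, so the fields are exactly what was issued.
    return tok_user == user_id and tok_title == title_id and int(expires) > now


def serve_client_enforced(start, end):
    """The design the thread criticises: all bytes leave the server, and the
    two-minute limit exists only as an order the player is trusted to obey."""
    return {"body": MOVIE[start:end], "player_command": "pause_at_preview_end"}


def serve_server_enforced(start, end, user_id, title_id, token, now):
    """The server decides how many bytes this request may have.

    Returns (status, body): 206 with data, 402 when the range lies beyond
    the preview and no valid entitlement was presented, 416 for a bad range.
    """
    if start < 0 or start >= len(MOVIE) or end <= start:
        return 416, b""
    entitled = entitlement_valid(token, user_id, title_id, now)
    limit = len(MOVIE) if entitled else PREVIEW_BYTES
    if start >= limit:
        return 402, b""
    return 206, MOVIE[start:min(end, limit)]


if __name__ == "__main__":
    now = 1_000_000  # fixed clock so the run is repeatable
    leaked = serve_client_enforced(0, len(MOVIE))["body"]
    print("client-enforced, unpaid:", len(leaked), "bytes sent")
    status, body = serve_server_enforced(0, len(MOVIE), "alice", "title-123", None, now)
    print("server-enforced, unpaid:", status, len(body), "bytes sent")
    token = issue_entitlement("alice", "title-123", now)
    status, body = serve_server_enforced(0, len(MOVIE), "alice", "title-123", token, now)
    print("server-enforced, paid:  ", status, len(body), "bytes sent")
```
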
  • by xigxag (167441) on Friday September 26, 2008 @11:47PM (#25175017)

    You know what else allows full movie downloads for free?

    THE INTERNET.

       

  • This is new? (Score:5, Insightful)

    by Toonol (1057698) on Friday September 26, 2008 @11:48PM (#25175021)
    Doesn't everybody know that all flash video is easily accessible? Most of the time it's just a case of dragging it out of the cache. Sometimes you need to jump through more hoops, but I thought it was common knowledge that you could download it all.

    You have to re-encode it if you want to, say, burn it on dvd, but that's not too hard. I use winFF (yes, I use windows).
    • by mgblst (80109)

      Common knowledge among whom? Slashdot crowd, yes. Competent IT people, yes. The majority of internet users, no.

    • Re: (Score:3, Insightful)

      I think the news part is that Amazon sends you the entire movie when you play the 2 minute "preview". Most people would assume the preview would in fact be a two minute clip without the rest of the movie attached.

    • For sites like YouTube, it's fairly easy, there's a file in /tmp called Flashxxxxx (where xxxxx is a random sequence of letters and digits.) I've yet to find a way of downloading anything from Hulu.com though. I got the impression the Hulu player keeps everything in memory, which is why moving the cursor is a somewhat less smooth experience than it is with YouTube.

    • Could you tell me where that is on a mac? I knew it was probably possible, but didn't believe that anyone was actually that stupid, so I've never looked for it.
    • by stevied (169)

      On Linux, at least, it's often even easier: the flash video is usually sitting in /tmp with a reasonably obvious name, just asking to be hard linked somewhere else. Don't know if this holds true for RTMP streams, though, which I guess is what TFA is talking about.

      • by Toonol (1057698)
        Here's the easy way: Clear your cache, watch a flash video, then do a search on your machine for all files modified today with a file size over, say, a few meg in size. You'll probably get a short list, and one of them should be the flash video in your cache directory. You may have to copy it out and rename it.
  • From the article: (Score:5, Insightful)

    by jrockway (229604) <jon-nospam@jrock.us> on Friday September 26, 2008 @11:54PM (#25175035) Homepage Journal

    The problem exposes online video content to the rampant piracy that plagued the music industry during the Napster era and is undermining efforts by retailers, movie studios and television networks to cash in on a huge Web audience.

    Uh, the pirates were already uploading the full HD rips to Usenet days before the movies were even released. No pirate would want the shitty version Amazon is offering.

  • Not really a flaw (Score:5, Informative)

    by Wesley Felter (138342) <wesley@felter.org> on Friday September 26, 2008 @11:55PM (#25175043) Homepage

    There are two separate issues mentioned in the article.

    1. HTTP and RTMP are not encrypted and thus it's trivial to record any video sent over these protocols. This is well-documented and I'd hardly consider it a flaw. Flash 9u3 has DRM (RTMPE+verification), but most Web sites don't bother to use it.

    2. Apparently Amazon's movie store server will send the whole video whether the customer has purchased it or not. This is a bug, but it's Amazon's fault not Adobe's and Amazon should be able to fix it easily enough. Also, they're apparently not using all the DRM features available in Flash so their videos aren't as protected as they could be.

    AFAIK Flash DRM hasn't been cracked yet because no one uses it. I'm not an advocate of DRM, but as a practical matter I find it works better when you actually turn it on.

    • Re: (Score:3, Insightful)

      by Jah-Wren Ryel (80510)

      I'm not an advocate of DRM, but as a practical matter I find it works better when you actually turn it on.

      Unless the reason you are using it is to satisfy a checklist from hollywood.

      Kind of like the TSA at the airport - "DRM theater" to make the frightened hollywood execs feel safe and secure even though they are still just as vulnerable with or without DRM...

      • Unless the reason you are using it is to satisfy a checklist from hollywood.

        Yeah, and after Hollywood reads a Reuters article about how your system is cracked, you'll probably have to release a new version to convince them that something is being done. And the charade rolls on.

    • by Anpheus (908711)

      Actually, DRM remains perfectly secure only when you leave it turned off, and ideally locked away and never put under the spotlight.

      Huh, that's funny, making DRM and general purpose PCs secure requires that you cut the network cable and bury them or lock them in a safe.

      • Actually, DRM remains perfectly secure only when you leave it turned off, and ideally locked away and never put under the spotlight.

        Huh, that's funny, making DRM and general purpose PCs secure requires that you cut the network cable and bury them or lock them in a safe.

        Just to be sure, let's pulverize and ionize them so we can feed their hadrons into the CERN collider while we can watch them go to 99.99999% the speed of light before blasting and turning into strange matter, and maybe one or two Higgs bosons. Bonus points for unrecoverability if they're turned into a micro-blackhole.

        • by Anpheus (908711)

          I think you mean, just to be sure, we have to nuke it from orbit. It's the only way to be certain.

  • by evilviper (135110) on Saturday September 27, 2008 @12:19AM (#25175123) Journal

    In summary:

    Amazon.com is staffed by idiots... They thought it would be safe to stream the ENTIRE MOVIE, to anyone, FOR FREE. The ONLY protection being that they send a command to the Flash Player to "pause" playback after 2 minutes for those that haven't paid to watch the whole thing. Cheap software and instructions have sprung up all over the web, and everybody knows Amazon.com is going to get a boot up the ass by the media companies, and fix this "security" issue any second now.

    DRM is utterly redundant. They just need someone with 3-digit IQ in the company to teach them how to make a 2 minute excerpt clip that is free and publicly accessible, while keeping the full video password-protected.

    This is about on-par with an Apache "security announcement" that even if you don't make a link to a document on your HTTP server, it's still accessible! The horror!

  • flaw? (Score:5, Funny)

    by theheadlessrabbit (1022587) on Saturday September 27, 2008 @12:31AM (#25175175) Homepage Journal

    "Adobe Flaw Allows Full Movie Downloads For Free"

    it's not a flaw, it's a feature!

  • by neokushan (932374) on Saturday September 27, 2008 @12:53AM (#25175255)

    What's the easiest and fastest way to take complete advantage of this?
    I want links!

  • Normally if you can play the video, you can capture it. So encryption/DRM is rather pointless. However, DRM can work (up to a point) if HDCP is used. The player has to be sure that the path from the internet to the display is fully encrypted OR sealed. By doing the decryption in the video card, uncompressing it there, and re-encrypting it for HDCP over HDMI (audio, too ... so DVI won't work unless they want to give up the protection on the audio), you can be sure the video is safe all the way, as long as

  • by Skapare (16644)

    Amazon starts to stream the entire movie during the free preview -- even though it pauses the video on the Web browser after the first two minutes -- so that users can start watching the rest of the video right away once they pay.

    However, even if a user doesn't pay, the stream still sends the movie to the video catching software, but not the browser.

    So that's why my SQUID caches were getting so big :-)

  • by iabervon (1971) on Saturday September 27, 2008 @02:11AM (#25175565) Homepage Journal

    It's just like their instant delivery service, available for items that you've put on your wish list in advance. The way it works is that, when you put an item on your wish list, they ship it to you. Then, if you buy it, they give you the tracking number, you go to the shipper's site, and find that the item is on your porch, at which point you bring it inside and open it. If you don't buy it, eventually the shipper notices that it's been sitting on your porch for a while unclaimed and brings it back to Amazon.

  • by dougmc (70836) <dougmc+slashdot@frenzied.us> on Saturday September 27, 2008 @02:32AM (#25175621) Homepage

    In related news, researchers have discovered that Gutenberg's printing press [wikipedia.org] has similar flaws. By using modern technology such as photocopiers or cameras, or older technology such as monks and pens (or additional printing presses) criminals can create nearly identical copies of items printed with the press, depriving the original creators of the material of much needed compensation.

    Gutenberg did not immediately return calls for comment, however it's theorized that he did not build in an encryption option to his printing press in order to boost comprehension speeds (Simple substitution ciphers [wikipedia.org] were well established at the time of the creation of the printing press, and Gutenberg could have easily applied their techniques in the creation of his press, however it's not entirely certain how effective it would have been at preventing piracy. (Somewhat (at most) effective DRM techniques were developed centuries later.))

  • "This was designed stupidly,' said Bruce Schneier"

    It's an Adobe product. Saying it was designed stupidly is redundant.
