Hole in Adobe software allows free movie downloads

[The Canadian]

NEW YORK (Reuters) - A security hole in Adobe Systems Inc, used to distribute movies and TV shows over the Internet, is giving users free access to record and copy from Amazon.com Inc's video streaming service.

The problem exposes online video content to the rampant piracy that plagued the music industry during the Napster era and is undermining efforts by retailers, movie studios and television networks to cash in on a huge Web audience.

"It's a fundamental flaw in the Adobe design. This was designed stupidly," said Bruce Schneier, a security expert who is also the chief security technology officer at British Telecom.

The flaw rests in Adobe's Flash video servers that are connected to the company's players installed in nearly all of the world's Web-connected computers.

The software doesn't encrypt online content, but only orders sent to a video player such as start and stop play. To boost download speeds, Adobe dropped a stringent security feature that protects the connection between the Adobe software and its players.

"Adobe is committed to the security of all of our products, from our players to our server software. Adobe invests a considerable amount of ongoing effort to help protect users from potential vulnerabilities," it said in a statement.

Adobe said it issued a security bulletin earlier this month about how best to protect online content and called on its customers to couple its software security with a feature that verifies the validity of its video player.

An Amazon spokesman said content on the company's Video On Demand service, which offers as many as 40,000 movies and TV shows on its Web site, cannot be pirated using video stream catching software.

However, in tests by Reuters, at least one program to record online video, the Replay Media Catcher from Applian Technologies, recorded movies from Amazon and other sites that use Adobe's encryption technology together with its video player verification.

"Adobe's (stream) is not really encrypted," said Applian CEO Bill Dettering. "One of the downfalls with how they have architected the software is that people can capture the streams. I fully expect them to do something more robust in the near future."

HOW IT WORKS

The free demo version of Replay Media Catcher allows anyone to watch 75 percent of anything recorded and 100 percent of YouTube videos. For $39, a user can watch everything recorded.

One Web site -- www.tvadfree.com -- explains step-by-step how to use the video stream catching software.

Amazon.com's Adobe-powered Video On Demand service allows viewers to watch the first two minutes of a movie or TV show for free. It charges up to $3.99 to rent a movie for 24 hours and up to $14.99 to download a movie permanently.

Amazon starts to stream the entire movie during the free preview -- even though it pauses the video on the Web browser after the first two minutes -- so that users can start watching the rest of the video right away once they pay.

"It's the traditional trade-off, convenience on the one hand and security on the other," said Ray Valdes, analyst at research group Gartner.

However, even if a user doesn't pay, the stream still sends the movie to the video catching software, but not the browser.

Amazon's Video On Demand is the Web retailer's answer to declining sales of packaged movies and TV shows and the growth in demand for digital content that can be viewed and stored on the Internet.

Unlike Amazon, videos from Hulu.com, NBC.com and CBS.com are already free although the TV programs are interrupted by commercials. However, the stream catching software separates the commercials and the program into two separate folders, so people can keep the programs without the advertising.

Hulu.com, a video Web site owned by News Corp's Fox network and General Electric's NBC Universal, was the big networks' answer to YouTube, the popular video-sharing Web site where many users began uploading TV shows and other content owned by media companies.

The networks scrambled to post videos on their own sites in a bid to capture another stream of advertising revenue from a growing audience, but they have struggled with how best to show commercials which fund the programing when played on the Web.

YouTube, which started the online video boom before being bought by Google Inc. for $1.65 billion in November 2006, has also struggled to cash in on its popularity even though its user base continues to mushroom.

DESTROYING BUSINESS MODELS

One possible solution would be to protect the video with a digital rights management (DRM) system. A Seattle-based company called Widevine Technologies has a DRM system that can encrypt online videos using Flash.

"The fundamental problem here is that Adobe's lack of technology is not allowing the business models to be preserved," said Widevine Chief Executive Brian Baker.

The lack of content protection, according to Baker, threatens all the business models used today to fund video on the Web.

Apple Inc., which sells movies and television shows at its online iTunes store, uses its own DRM technology called FairPlay, but it only works for video bought on iTunes.

Forrester analyst James McQuivey said he doesn't believe the video stream catching technology will entirely derail the advertising-supported business model used by the networks for online video.

"It's too complicated for most users," said McQuivey, noting that file-sharing services like BitTorrent already exist but only a small percentage of people use them.

"People want something easy to find and easy to use."

Source: REUTERS

[primexx]

isn't this just downloading flv files everyone's been doing forever? or is this something else?

[night_stalker_z]

Isn't this just stupid programming on Amazon's part? They could just have a separate 2 min clip and stream that instead of the whole movie.

[MytMowse]

Ouch, talk about the suck, for them.