Thursday, 17 September 2009
Converting Adobe Digital Editions to PDF
A number of products have appeared in the last year or two which are designed to bypass most document security systems, such as Adobe's Digtal Editions (ADE) and their DRM services. These are typically based on automated screen grabbing, which are set in operation once you have opened and displayed your secured file. These include Copistar, Gadwin and CaptureWiz and they work by grabbing each screen and navigating to the next page. This is far from ideal but does result in a set of image files and/or a PDF version of the source - unless of course they are detected and made ineffective by screen grab protection. This is provided in Drumlin and LockLizard but is not generally supported in other products. I am not aware of any direct conversion software which save an ADE file as a PDF, but maybe someone out there does know of such a facility?
Monday, 20 July 2009
Adobe reader V9 security update
In a comment to my last posting, Adobe's Leonard Rosenthol claims that the article I cite is not accurate, and that the new reader security system is actually much better than earlier versions as it requires a brute force attack. Although this appears to be the case, Elcomsoft (http://www.elcomsoft.com/apdfpr.html) are still happy to supply software to remove security from all versions of Adobe PDFs, including V9.x
Thursday, 2 July 2009
Adobe Acrobat 9 security is worse than ever
ElcomSoft, the company that discovered a security weakness in Adobe's eBook software back in 2001, has found vulnerability in another Adobe Product. While Adobe advertises Acrobat 9 as the most secure PDF production tool ever with enhanced 256-bit encryption, ElcomSoft has discovered that the new PDF protection system implemented in Acrobat 9 is even faster to recover than in previous versions. In fact, a hundred times faster. (from NET Security - see online full article for more details: see here )
Monday, 15 June 2009
Drumlin V4 to provide free secure PDF publishing and free DRM service
June 15th - Drumlin Security confirm that the beta version of their Drumlin V4 PDF reader and publishing software, and associated DRM service is now available. The revised software offers the same publishing functionality as previous Drumlin releases, but will be provided as free software (no software license fees) and free DRM service (no charges for DRM facilities).
Saturday, 6 September 2008
Adobe abandons Flashpaper product
Adobe has just announced that it is abandoning it Flashpaper product, which will hit US sites like Scribd and Docstoc, and European sites like the UK’s edocr and Germany’s Twidox which only recently won funding. edocr currently bases all its document sharing on Flashpaper.
For full article see:
http://uk.techcrunch.com/2008/09/04/startups-in-chaos-as-adobes-flashpaper-discontinues/
For full article see:
http://uk.techcrunch.com/2008/09/04/startups-in-chaos-as-adobes-flashpaper-discontinues/
Friday, 22 August 2008
LockLizard Unprotector?
The following message was posted on the Adobe forum recently - whether it is true or simply a fake story it is difficult to judge, as the link site is in Russian!
07:58am Jun 4, 2008 Pacific - We've used LockLizard SafeGuard to secure our company documents but we've noticed that there is an Un-Protector for LockLizard Protected pdc files "LockLizard PDC Un-Protector" which has been released by a pirate group DVT which can extract the raw pdfs from LockLizard protected pdc Files. It's a very bad news for us. We do not know which drm company we can really trust.
07:58am Jun 4, 2008 Pacific - We've used LockLizard SafeGuard to secure our company documents but we've noticed that there is an Un-Protector for LockLizard Protected pdc files "LockLizard PDC Un-Protector" which has been released by a pirate group DVT which can extract the raw pdfs from LockLizard protected pdc Files. It's a very bad news for us. We do not know which drm company we can really trust.
Sunday, 8 June 2008
Fumblin' with Drumlin
Read the blog from a new Drumlin customer who ".. quickly discovered that the built in security and the cost of the drm offerings from the major players both left a lot to be desired"... his blog entries describe their requirements and how Drumlin was selected and tailored to meet these.
Sunday, 18 May 2008
Adobe Reader & Digital Editions Forums - losing documents
Adobe products have both conventional support facilities and user forums.
For the standard Adobe Reader these can be found at: http://www.adobeforums.com/webx/.3bbf42f7.ee6b2e6/
whilst for the new Digital Editions they are
http://www.adobeforums.com/cgi-bin/webx/.3bc43717/7
Judging from the c.300 messages on the Digital Editions (DE) forum over the last few weeks, problems with the Adobe software and DRM service are often experienced by users. A particular problem which many users have been complaining about recently, is that if they have to change computer or re-instate their system after a crash, all their Adobe eBooks become unreadable and cannot be recovered.
For the standard Adobe Reader these can be found at: http://www.adobeforums.com/webx/.3bbf42f7.ee6b2e6/
whilst for the new Digital Editions they are
http://www.adobeforums.com/cgi-bin/webx/.3bc43717/7
Judging from the c.300 messages on the Digital Editions (DE) forum over the last few weeks, problems with the Adobe software and DRM service are often experienced by users. A particular problem which many users have been complaining about recently, is that if they have to change computer or re-instate their system after a crash, all their Adobe eBooks become unreadable and cannot be recovered.
Tuesday, 29 April 2008
Secure PDF publishing for Apple Mac
Drumlin now supports a range of Windows emulators on Apple Mac and other computers. See www.drumlinsecurity.co.uk/applemac.html for more details
A recent discussion thread, shown below, suggests that there remains few if any solutions that provide true PDF handling with security in the Mac OS environment:
http://forum.maccast.com/index.php?showtopic=14868
A recent discussion thread, shown below, suggests that there remains few if any solutions that provide true PDF handling with security in the Mac OS environment:
http://forum.maccast.com/index.php?showtopic=14868
Friday, 15 February 2008
New Adobe Javascript virus - Acrobat 8.1.1 and earlier
McAfee Avert Labs is tracking an active exploitation of a recently patched vulnerability in Adobe Acrobat Reader now in the wild. The current vulnerability can be embedded in a PDF file and manipulated through Adobe JavaScript.
The first evidence of such maliciously crafted PDF files was posted to an Italian message forum from an alert administrator who noted that three of his workstations had been infected. Successful exploitation leads to the embedded JavaScript being executed on the victim’s machine. The script attempts to download a Trojan from an IP address in the Netherlands.
This exploit works for both browser-based and email attack vectors and affects the following Adobe products:
Adobe Reader 8.1.1 and earlier versions
Adobe Acrobat Professional, 3D, and Standard 8.1.1 and earlier versions
http://www.avertlabs.com/research/blog/index.php/2008/02/11/another-adobe-pdf-exploit-in-the-wild/
The first evidence of such maliciously crafted PDF files was posted to an Italian message forum from an alert administrator who noted that three of his workstations had been infected. Successful exploitation leads to the embedded JavaScript being executed on the victim’s machine. The script attempts to download a Trojan from an IP address in the Netherlands.
This exploit works for both browser-based and email attack vectors and affects the following Adobe products:
Adobe Reader 8.1.1 and earlier versions
Adobe Acrobat Professional, 3D, and Standard 8.1.1 and earlier versions
http://www.avertlabs.com/research/blog/index.php/2008/02/11/another-adobe-pdf-exploit-in-the-wild/
Friday, 8 February 2008
Adobe announces update - users rebel
Adobe has just announced the latest update to its Acrobat Reader, to address a variety of security and other issues. Judging from the comments on The Register, see:
http://www.theregister.co.uk/2008/02/07/stealth_adobe_reader_update/comments/#c_150380
the huge size of this latest update is just one of the many complaints users have about this software... but to be fair to Adobe, it is very functionally rich, and 'free' (ish)
http://www.theregister.co.uk/2008/02/07/stealth_adobe_reader_update/comments/#c_150380
the huge size of this latest update is just one of the many complaints users have about this software... but to be fair to Adobe, it is very functionally rich, and 'free' (ish)
Thursday, 31 January 2008
Joost plans visible on 'secured' PDF
May 18th 2007
See the article at:
http://mashable.com/2007/05/18/joosts-deal-plans-hidden-in-pdf-presentation/
See the article at:
http://mashable.com/2007/05/18/joosts-deal-plans-hidden-in-pdf-presentation/
Friday, 21 September 2007
Market demand
Jim Minatel's piece accessible at:
http://wroxblog.typepad.com/minatel/2005/05/market_demand_f.html
provides interesting reading on both market demand for e-books and the pitfalls of most current e-book and DRM services - Drumlin seeks to avoid such problems by using the most advanced encryption and tracking facilities available, but we expect unscrupulous people will attempt to break the system if they can.
Users of the service are recommended to take advantage of the free Update option in the software (Help menu item) to keep their reader/publisher software up-to-date and using the latest and strongest encryption levels.
For corporates, requiring very strong controls, additional facilities are available and/or can be added to meet specific needs
http://wroxblog.typepad.com/minatel/2005/05/market_demand_f.html
provides interesting reading on both market demand for e-books and the pitfalls of most current e-book and DRM services - Drumlin seeks to avoid such problems by using the most advanced encryption and tracking facilities available, but we expect unscrupulous people will attempt to break the system if they can.
Users of the service are recommended to take advantage of the free Update option in the software (Help menu item) to keep their reader/publisher software up-to-date and using the latest and strongest encryption levels.
For corporates, requiring very strong controls, additional facilities are available and/or can be added to meet specific needs
Wednesday, 29 August 2007
Prof Dave Touretzky
Prof Dave Touretzky of Carnegie Mellon University maintains a web page on Adobe and PDFs http://www.cs.cmu.edu/~dst/Adobe/Gallery,
and via his site, Bryan Gruinyard's white paper on Adobe's PDF security (or lack of it!):
http://www.cs.cmu.edu/~dst/Adobe/Gallery/PDFsecurity.pdf
and via his site, Bryan Gruinyard's white paper on Adobe's PDF security (or lack of it!):
http://www.cs.cmu.edu/~dst/Adobe/Gallery/PDFsecurity.pdf
Monday, 20 August 2007
Security holes in Adobe ActiveX-based PDF readers
Several so-called secure PDF Readers make use of the Adobe ActiveX control, with some kind of wrapper around this to provide the security and/or offer online (web-based) only reading. These readers are far from secure:
Online readers - If the Adobe Acrobat reader is displayed within a browser, with no toolbars, it may appear that it is secure. Perhaps it has been setup to disable printing and copying from the screen. However, the toolbar can easily be enabled using the + icon at the lower left of the screen (as shown below):
Online readers - If the Adobe Acrobat reader is displayed within a browser, with no toolbars, it may appear that it is secure. Perhaps it has been setup to disable printing and copying from the screen. However, the toolbar can easily be enabled using the + icon at the lower left of the screen (as shown below):
When the toolbar is available the document may be saved to disk, and assuming it has been password encrypted it can then be read, with no restrictions, using one of the free or commercial password removal programs we have mentioned elsewhere. In fact the security is often even weaker than this, because the indivdual pages of the pdf are sent unencrypted, opening the possibility of reading the document from the transmission stream or worse still, by printing the "secure" PDF to a PDF or Image printer device, providing a completely reusable/viewable/printable copy.
Offline readers - these tend to be some form of wrapper, e.g. an executable program that wraps around the ActiveX control, AcroPDF which comes together with Acrobat Reader. Basically, this control is used for opening PDF in browsers. With this control the PDFs can only be loaded from a disk file. Using the ProcessExplorer you can see that several tmp files are created in folder:
C:\Documents and Settings\
Tuesday, 10 July 2007
PDF Security news
PDF security is a hot topic. Here are some useful items to review
Holes in the Adobe Acrobat Reader were reported by the BBC in early 2007 - see http://news.bbc.co.uk/1/hi/technology/6234181.stm for details
PDF security implemented in Adobe Acrobat (all versions) can be removed using a wide range of free and low cost software - Elcomsoft (http://www.elcomsoft.com/apdfpr.html), a Microsoft Partner software house based in Moscow, were amongst the first to provide such software. As their site states:
"This program (Advanced PDF Password Recovery, or APDFPR) is intended to decrypt password-protected and restricted Adobe Acrobat PDF files, which have "user" password set (required to open/view the file), and/or "owner" password (when the file is only protected from editing, printing etc), i.e. remove the protection and/or break the PDF password. Restricted files are being unprotected instantly, while decryption of files with "open" password may be time-consuming. The program is also able to convert Kinko's Document Format (KDF) files to PDF files (without any protection). "
Holes in the Adobe Acrobat Reader were reported by the BBC in early 2007 - see http://news.bbc.co.uk/1/hi/technology/6234181.stm for details
PDF security implemented in Adobe Acrobat (all versions) can be removed using a wide range of free and low cost software - Elcomsoft (http://www.elcomsoft.com/apdfpr.html), a Microsoft Partner software house based in Moscow, were amongst the first to provide such software. As their site states:
"This program (Advanced PDF Password Recovery, or APDFPR) is intended to decrypt password-protected and restricted Adobe Acrobat PDF files, which have "user" password set (required to open/view the file), and/or "owner" password (when the file is only protected from editing, printing etc), i.e. remove the protection and/or break the PDF password. Restricted files are being unprotected instantly, while decryption of files with "open" password may be time-consuming. The program is also able to convert Kinko's Document Format (KDF) files to PDF files (without any protection). "
Friday, 29 June 2007
Welcome to Drumlin
This blog has been established to allow news on Drumlin usage and views on the product set. Sample applications, documents and support information will be provided
Subscribe to:
Posts (Atom)
