Adobe, CERT post responses to recent PDF vulnerability report

Adobe, CERT post responses to recent PDF vulnerability report

Post by Dan Sh » Thu, 17 Jul 2003 17:09:06



Hi all,

Thought this might be of interest to the group...

The CERT Coordination Center, a major reporting center for
Internet security problems, has issued a Vulnerability Note
on the matter raised last week by ElcomSoft Co. Ltd.
regarding potential PDF security vulnerabilities. In
conjunction with the CERT posting, Adobe Systems has issued
its own official Vendor Statement on the recent allegations,
which it disputes as "theoretical" and "misleading."

Full story: http://www.planetpdf.com/mainpage.asp?webpageid=2910

Best,
Dan

Dan Shea - Planet PDF Evangelist

http://www.planetpdf.com/
http://www.pdfstore.com/
Planet PDF & PDF Store - A World of
Acrobat/PDF Resources & Software

 
 
 

Adobe, CERT post responses to recent PDF vulnerability report

Post by Vladimir Katalo » Thu, 17 Jul 2003 18:40:34



Quote:> Hi all,

> Thought this might be of interest to the group...

> The CERT Coordination Center, a major reporting center for
> Internet security problems, has issued a Vulnerability Note
> on the matter raised last week by ElcomSoft Co. Ltd.
> regarding potential PDF security vulnerabilities. In
> conjunction with the CERT posting, Adobe Systems has issued
> its own official Vendor Statement on the recent allegations,
> which it disputes as "theoretical" and "misleading."

> Full story: http://www.planetpdf.com/mainpage.asp?webpageid=2910

Unfortunately, any "practical" vulnerability could be considered as
DMCA violation, and Adobe knows that. That is the reason why we
had to keep it "potential/theoretical".

As for "misleading", Adobe was not able to show what particular
part of our report (or fact, or statement) is not correct.

--
Sincerely yours,
  Vladimir

Vladimir Katalov
Managing Director
ElcomSoft Co.Ltd.
Member of Association of Shareware Professionals (ASP)
Member of Russian Cryptology Association

http://www.elcomsoft.com/adc.html (Advanced Disk Catalog)
http://www.elcomsoft.com/art.html (Advanced Registry Tracer)
http://www.elcomsoft.com/prs.html (Password Recovery Software)
http://www.mailutilities.com (Email Management Software)

 
 
 

Adobe, CERT post responses to recent PDF vulnerability report

Post by Dan Sidee » Fri, 18 Jul 2003 08:00:36


Boy, Adobe and ElcomSoft sure have it in for each other!!

I'll bet on the company with the most lawyers!!


> Hi all,

> Thought this might be of interest to the group...

> The CERT Coordination Center, a major reporting center for
> Internet security problems, has issued a Vulnerability Note
> on the matter raised last week by ElcomSoft Co. Ltd.
> regarding potential PDF security vulnerabilities. In
> conjunction with the CERT posting, Adobe Systems has issued
> its own official Vendor Statement on the recent allegations,
> which it disputes as "theoretical" and "misleading."

> Full story: http://www.planetpdf.com/mainpage.asp?webpageid=2910

> Best,
> Dan

> Dan Shea - Planet PDF Evangelist

> http://www.planetpdf.com/
> http://www.pdfstore.com/
> Planet PDF & PDF Store - A World of
> Acrobat/PDF Resources & Software

 
 
 

Adobe, CERT post responses to recent PDF vulnerability report

Post by Vladimir Katalo » Fri, 18 Jul 2003 14:53:51



Quote:> Boy, Adobe and ElcomSoft sure have it in for each other!!

> I'll bet on the company with the most lawyers!!

In any case, if Adobe will continue to say that there is no security problem
there
(and so will not fix it), the loosers will be customers (from end-users to
government),
publishers and authors.

--
Sincerely yours,
  Vladimir

Vladimir Katalov
Managing Director
ElcomSoft Co.Ltd.
Member of Association of Shareware Professionals (ASP)
Member of Russian Cryptology Association

http://www.elcomsoft.com/adc.html (Advanced Disk Catalog)
http://www.elcomsoft.com/art.html (Advanced Registry Tracer)
http://www.elcomsoft.com/prs.html (Password Recovery Software)
http://www.mailutilities.com (Email Management Software)

 
 
 

Adobe, CERT post responses to recent PDF vulnerability report

Post by Kyler Lair » Sat, 19 Jul 2003 22:31:47



>Boy, Adobe and ElcomSoft sure have it in for each other!!

Adobe likes to sell their stuff.  ElcomSoft likes to tell the truth.  Yes,
they in conflict.

Quote:>I'll bet on the company with the most lawyers!!

Bet on what?  Their ability to successfully manipulate stupid and naive
people?

ElcomSoft is right.  No one (not even Adobe) has yet disputed that (with
any evidence, at least).

--kyler

 
 
 

1. Adobe refutes Elcomsoft's vulnerability report on PDF security

from the Planet PDF newsletter -->

___ Adobe refutes Elcomsoft's vulnerability report on PDF security ___

Adobe's John Landwehr, Group Manager for Security Solutions
and Strategy, labels recent allegations by ElcomSoft about
vulnerabilities in PDF security as 'theoretical, inaccurate
and misleading.' No patch or update is required, he says.

http://www.planetpdf.com/mainpage.asp?webpageid=2900

___ ElcomSoft marks arrest anniversary with PDF security flaws update ___

With the July 16, 2001 anniversary of the arrest of employee
Dmitry Skylarov at hand, ElcomSoft has produced and
disseminated a new report outlining alleged vulnerabilities
in PDF security that it says Adobe has not fixed in two  years.

http://www.planetpdf.com/mainpage.asp?webpageid=2894

rgds ~ Kurt
Editor, Planet PDF

2. Need to suppress "Save File" dialog and force save, Notes 4.5x

3. CERT Parody....AIBO vulnerability

4. Printcap entry for Talaris engine

5. Understanding Cert's SNMP Vulnerabilities Suite

6. percentage - formate computed field

7. CERT Advisory CA-96.03 - Vulnerability in Kerberos 4 Key Server

8. TableMate

9. CERT(sm) Advisory CA-96.03 - Vulnerability in Kerberos 4 Key Server

10. Solaris 8 & login vulnerability CERT 2001-34

11. Adobe releases Acrobat 5.x patch to fix security vulnerability

12. Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged

13. Is permission from Adobe required to post .pdf files on Internet?