PAUL BIBA is TeleRead's Editor. Reach Paul with news items or other TeleRead business at
pbiba at napco dot com.
TeleRead is a website of North American Publishing Company (NAPCO)
Copyright ©2012 | Gadgetell LLC & North American Publishing Company (NAPCO) | All Rights Reserved
1500 Spring Garden Street, 12th Floor | Philadelphia, PA 19130 USA | (215) 238-5300
Send Questions/Comments to webmaster@napco.com | Privacy Policy
Comments:
Until more detailed analysis comes in, I’ll withhold judgment on how serious the vulnerability is for the current PDF and Adobe products, but it does show that allowing arbitrary executable code in a document format (whether JavaScript in a PDF or arbitrary Java in some proposed ebook formats or DRM schemes) makes all kinds of exploits possible, and it is very difficult to make sure you’ve got all the possible holes plugged – especially since many vulnerabilities come from the interaction of executable features.
In particular, if the code can retrieve sensitive information from your local system, *and* can also access arbitrary URLs, then those two features put together potentially allow strangers to access sensitive information from your local system. (Asking permission to access the URL gives only limited protection; the sensitive information may get obfuscated in a URL or form parameter whose significance is not readily apparent to a user.)
Which just goes to show that format designers should think very carefully before adding scripting or other executable-code features in their formats, and readers of electronic content should think carefully before allowing content in such formats on their systems.
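The point above about permission prompts, as an added example that is not part of the original comments: an egress check a reader application could run before contacting a URL, showing that a value invisible in the prompt text is still present once common encodings are undone. All names, the URL and the sensitive values are constructed for illustration.

```javascript
// Added illustration: all names and sample values below are constructed.
// Values a reader application knows are sensitive on this machine (constructed).
const SENSITIVE = { userName: "jsmith", hostName: "finance-laptop-07" };

// What an "Allow this document to contact ...?" prompt would display (constructed).
const SAMPLE_URL =
  "https://stats.example.net/pixel.gif?v=2&sid=anNtaXRoQGZpbmFuY2UtbGFwdG9wLTA3";

// Decodings an egress check tries on every outgoing field before comparing.
const DECODERS = {
  plain: (v) => v,
  base64: (v) =>
    Buffer.from(v.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8"),
  hex: (v) => (/^([0-9a-f]{2})+$/i.test(v) ? Buffer.from(v, "hex").toString("utf8") : ""),
  reversed: (v) => [...v].reverse().join(""),
};

// Returns one finding per (field, decoding, sensitive value) match across the
// URL's query parameters and any form fields sent with the request.
function inspectOutbound(rawUrl, formFields = {}, sensitive = SENSITIVE) {
  const fields = [...new URL(rawUrl).searchParams.entries(), ...Object.entries(formFields)];
  const findings = [];
  for (const [field, value] of fields) {
    for (const [encoding, decode] of Object.entries(DECODERS)) {
      const decoded = decode(String(value)).toLowerCase();
      for (const [label, secret] of Object.entries(sensitive)) {
        if (decoded.includes(secret.toLowerCase())) findings.push({ field, encoding, label });
      }
    }
  }
  return findings;
}

// True when a user reading the raw prompt text could spot the value themselves.
function visibleInPrompt(rawUrl, sensitive = SENSITIVE) {
  const shown = decodeURIComponent(rawUrl).toLowerCase();
  return Object.values(sensitive).some((s) => shown.includes(s.toLowerCase()));
}

console.log("visible in prompt:", visibleInPrompt(SAMPLE_URL));
console.log("egress findings:", inspectOutbound(SAMPLE_URL));
```

A fixed decoder list only catches the encodings it knows about, so a check like this narrows the gap the comment describes rather than closing it.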
John, thanks for the informative and restrained comments. We’ll wish Adobe and others the best of luck in getting to the bottom of this. Of course, security considerations should be very much on the minds of all e-book format designers—and standards-setters. I’d prefer that the vetting happen from outside the vendor community, or at least with the participation of disinterested experts, not just the usual suspects. Meanwhile I hope you’ll keep us up to date as more facts come out. Thanks again. – David
Kind of amusing, considering that the forerunner of PDF was PostScript, which was a fully executable language. I think the vulnerabilities (if any) are in Adobe Reader, not PDF.
“…in Adobe Reader, not PDF.”
But they might as well be the same if you want to read DRMed PDF of the kind that the big publishers favor.
Great illustration of the need to separate formats from readers!
David
Does anyone really want to read EBX-DRM’d PDF (or play any-DRM’d music)? Don’t let anecdotal evidence from that small band of early adopters who bought into the failed 1998 idea of what an ebook would be, and have so far refused to recognize that the future didn’t actually turn out that way, mislead you into thinking that EBX-DRM’d PDF is a significant fraction of the PDF-reading whole.
In a very real way, the PDF format is already separated from any particular reader. I’m sure Adobe wishes it weren’t so, but it is.