[free-sklyarov] Re: Doesn't make sense?

Pablos Kadrevis pablos at kadrevis.com
Fri Jul 20 01:52:00 PDT 2001


Mike,

Thanks for your thoughtful note, you put a lot more into it than most of 
the mail I've been getting.  I have some of the same concerns as you and 
thought I should point out why my view differs slightly.

Dmitry is certainly not to blame.  He is employed as a programmer by 
Elcomsoft and has done research on eBook security and written software that 
makes use of his findings.  All of this is legal in Russia where he lives. 
If someone takes issue with the distribution of this software in the U.S. 
they should do so with the people running the company, or the U.S. sales 
agent.  In any case, Dmitry is the wrong target.

As a member of The Shmoo Group of information security professionals, I 
believe in Full Disclosure Security <http://www.shmoo.com/about.shtml>. 
This is generally practiced by giving the vendor some lead time to address 
the security issues at hand, but in any case, the vulnerabilities must be 
exposed.  Believe it or not, this serves everyone's best interests.  Adobe 
and other eBook vendors have implemented childish copy protections and sold 
them to their customers for several thousand dollars alleging that they can 
protect their content.  Those customers have been swindled.  By exposing 
the truth about eBook security, Dmitry does a service to everyone who uses 
it.  Adobe should take this to heart and improve the security of their 
product.

I understand that as a shareware author, putting more effort into copy 
protection is not economical for you.  It is true that copy protection is a 
losing battle in a war of escalation.  You cannot except by constantly 
raising the bar.  I'd suggest this is one reason that shareware exists, for 
the authors who are not going to play that game.  Shareware doesn't need 
copy protection, because the business model is built on users sharing the 
software.  Unfortunately, this business model has not sufficiently rewarded 
shareware developers for their efforts.  At the same time, Adobe's business 
model hase more than rewared them for their dismal efforts.  Remember, 
eBook is a product sold specifically for security features.  The authors 
who create books that are supposed to be protected by eBook are the ones 
taking a loss.

Additionally, as Americans, we take a loss when we give up crucial freedoms 
such as fair use to protect a fleeting business opportunity such as 
copyright under the DMCA.

Thanks again,

Pablos Kadrevis.

--On Friday, July 20, 2001 3:22 AM -0400 "Worldlist at aol.com" 
<Worldlist at aol.com> wrote:

> I've read about the matter. And if he had been a real security expert. He
> would have told Adobe what he did in the first place and shown them their
> mistake. Contracted out to Adobe as security. If they were not
> interested.  Then he should have moved on to something else. Or at best,
> just shown his  peers the skills he had learned, and applied. And not
> distributed the crack  on CD's to all of his peers to enjoy for free.
> People seem to think that programs should be free for the taking, and the
> poor mans, or companies work shouldn't be rewarded. And as being a small
> shareware author myself, I tell you, it is so frustrating when someone
> cracks  my programs. I have so many bills, so many responsibilities to my
> family, and  when this happens it just breaks my heart. Now I know he is
> a great  programmer-engineer, and should be very proud of his work and
> want to show it  off. But the tit for tat battle between his company and
> Adobe is not an  honorable thing to me. He is trying to circumvent their
> hard work more as a  Samurai then a security expert.
> Anyway that's my two cents. Oh, why I choose the nice side. Because I
> think  you guys are the real heroes. Standing up for your friend like you
> have is  very Admirable!
> Right or wrong ... Cheers!
>
> Mike O'Rourke

--
Pablos Kadrevis
pablos at kadrevis.com
415.420.3806
www.shmoo.com/~pablos






More information about the Free-sklyarov mailing list