Full encryption stops Amazon Web video leak: Adobe
SEATTLE (Reuters) - Amazon.com has fixed a glitch in its video streaming service by adopting Adobe Systems Inc's encryption on all television shows and movies found on its site, software maker Adobe said on Monday.
Last week, Amazon.com said it fixed a temporary problem that allowed people to record and copy from the online retailer's video streaming service without paying.
At the time, and again on Monday, Amazon would not specify what it did to plug the hole on its "Video On Demand" site to stream catching software like the Replay Media Catcher from Applian Technologies.
Adobe, whose software is used by Amazon.com to distribute movies and TV shows over the Internet, said Amazon decided to encrypt all of its video after streaming both encrypted and unencrypted versions of content to users.
Some industry experts told Reuters last week that Adobe did not take full security measures in designing its software, leaving video content vulnerable to stream catching software. Adobe denies that its software leaves videos vulnerable if it is fully encrypted.
The stream catching software, according to Adobe, exploited video sent using Adobe's real time messaging protocol (RTMP), which is not encrypted like Adobe's RTMPE, a new layer of security in the company's latest flash media server software.
The encrypted video can be seen by about 86 percent of Internet-connect PCs, while nearly all can view the unencrypted version.
"Amazon has subsequently made the decision to move everything to RTMPE," said Jim Guerard, vice president and general manager for Adobe's Dynamic Media division.
Amazon declined to comment, saying it does not comment on its security practices.
It was not immediately clear why Amazon would offer nearly 40,000 movies and television programs on an unencrypted stream, but it signals the constant struggle by content providers and publishers to deliver video conveniently while maintaining tight security.
Officials at Adobe said it put out an advisory warning on September 2 -- several weeks before Amazon fixed its glitch -- to customers that if they put out content on both encrypted and unencrypted streams, their video would be at risk.
Adobe said there are no security problems with its Flash Media Server despite the breach at Amazon and it has encouraged security-minded customers to encrypt all of its video and also verify that only approved flash video players work.
Amazon is still vulnerable, according to security experts, to screen-recording software that can make unauthorized and unprotected copies of Amazon's online movie rentals, which could be viewed and copied beyond the rental limit agreement.
Adobe said it and others have no immediate security answer to that problem at this time. The company said it is the online equivalent of someone walking into a movie theater with a video camera and then burning DVDs from that recording.
The problem calls into question the viability of renting videos online and possibly exposes online video content to the rampant piracy that plagued the music industry during the Napster era.
Widevine Technologies, a Seattle-based provider of digital rights technology that works with flash media players, said many more layers of protection are required to truly protect online video content from piracy.
"As long as Amazon does not properly protect the content they do put the long-term content revenue streams of the studios, their competitors and themselves at risk," said Widevine Chief Technology Officer Glenn Morten.
Adobe, whose flash video player is installed on nearly all of the world's Web-connected computers, said that security is a constant cat-and-mouse game and it is a shared responsibility between Adobe and content providers.
(Editing by Gary Hill)
