A security hole in Adobe Systems Flash video servers used to distribute movies and TV shows over the Internet, is giving users free access to record and copy from Amazon.com Inc’s video streaming service.
The software doesn’t encrypt online content, but only orders sent to a video player such as start and stop play. To boost download speeds, Adobe dropped a stringent security feature that protects the connection between the Adobe software and its players.
“It’s a fundamental flaw in the Adobe design. This was designed stupidly,” said Bruce Schneier, a security expert who is also the chief security technology officer at British Telecom.
Adobe said it issued a security bulletin earlier this month about how best to protect online content and called on its customers to couple its software security with a feature that verifies the validity of its video player.