Bookish hacker finds holes in Amazon, Apple, Google epub services

Bug hunter Craig Arendt has reported vulnerabilities in major eBook readers including those from Apple, Google, and Amazon. The similar but separate XML external entity (XXE) flaws also impact all online epub ebook services that use the popular epubcheck library that ensures good format conversions into the universal epub book …

  1. Mage Silver badge


    Is this about DRM? DRM is unethical and should be illegal.

    People or publishers can publish on Amazon or Smashwords, DRM free. I write and publish. I'm opposed to DRM and have never used it. I will though pursue anyone selling without giving me my royalty, or giving away copies, or plagiarising.

    DRM doesn't even work anyway. It's contrary to the Berne Convention as it is still there when the copyright expires. Frequently blocks all fair use, or seriously limits it.

    I also believe copyright should revert to author after 5 years and never be assigned to publisher for life of copyright, also 10 years after death is generous. The 70 years is a corporate land grab.

    I remove DRM from anything I buy, but I don't even make copies for friends, only to other devices (like read Kindle on a Kobo) and/or backups.

    Can we have clarification as to what these vulnerabilities enable?

    Mine coat has a paperback and a Kobo. A commercial "pirate" can cut off binding, auto scan a book quickly, OCR, and even proof.

    The problem is never ordinary individuals or downloaders but people uploading to "file sharing" sites and mostly commercial piracy.

    When stuff is easily available, and reasonably priced (you listening Big 6 on eBooks or all CDs vs DVDs) then most people don't bother with piracy.

    1. lglethal Silver badge

      Re: Clarification

      Look, I'm not going to get into the copyright stuff in your argument, but calling DRM unethical is a bit silly and completely false. You can agree with its use or not as you feel, but it's just a solution to a problem and its use has nothing to do with ethics or not.

      DRM is a digital solution to a real world problem. Digital theft. People stealing or illegally sharing something IS unethical. DRM is an attempt at a solution to this. Whether it is a good solution, the best solution or a waste of everyone's time, is a matter of opinion. If you have an objection to it, there are sources out there, as you listed, which do without, and you're welcome to use them.

      I also think your comment that the DRM is still there even after the copyright expires is a big problem is clutching at straws a bit. Do you also object to the little fake barcodes that are attached to products at your local store? These are effectively DRM as well, in that they are there to try and prevent theft, and they remain with the product for its lifetime as well, but I don't see anyone complaining about those?

      DRM is a solution to a problem. If you can suggest a better solution, there would be any number of companies that would jump at a better solution (and you would make a packet). So suggest a replacement to DRM that deters theft but allows the user to do what they want, or quit complaining that the current system is broken or just start buying your books/games from places which don't use DRM and help the market make the decision. Those are the options on the table...

      1. heyrick Silver badge

        Re: Clarification

        I am obliged to rip the DVDs that I buy and rent. Why? Macrovision. Most big budget DVDs since around 2003ish. It used to mess with my TV, made the picture roll, and so on. It isn't the position or business of the DVD creators to dictate what I watch their product upon. Since I had a digital copy, well then it was just easier to dump it on my phone and watch it while in bed (yup, I'm a lazy git). Given my computer is mesolithic and takes forever to rip DVDs, it would actually be quicker to download a copy of whatever off the Internet. Much quicker. Oh and while you're there, look at all that cool stuff... I don't download, I rip, but that's mostly because my software has an option to turn the computer off when done, so I can just leave it chundering overnight.

        You see where this is going, don't you? DRM is a FAILED solution to a problem. Search for "torrent" of practically any film you care to mention and you'll see enough links to make it extremely clear that the use of DRM is but a minor hiccup to pirates, it just gets in the way of and annoys legit users. I'd probably still be using my ancient TV had lame attempts at analogue copy protection not messed with it. I do understand that piracy is bad and it affects the industry, but antagonising paying customers is not the answer. Oh, and quit with that insulting "you wouldn't steal a ..." advert, too.

    2. Robert Carnegie Silver badge

      Re: Clarification

      As far as I can see, it's not about DRM.

      It seems to be mainly about software called "epubcheck" which is supposed to catch errors in e-book data files and possibly make sure that all files which should be included as part of a book are there. But while doing that, this software itself either can be interfered with, or can be made to include harmful data in book files, I haven't got that quite straight.

  2. Mage Silver badge

    I use MY kindle serial number on a Calibre plugin that removes DRM on books I BOUGHT, so I can read them on MY own KOBO.

    So I don't want DRM enabled on the books I write and get published. Yes, "piracy" is wrong, but the amount of "lost sales" are grossly misrepresented.

    I totally support copyright. I totally oppose abusive technology controls on how we consume content.

    I'm still not any clearer though, on what the actual "flaws" found in this research actually do, or what they affect.

  3. BGC Writer

    Is it right that anyone can print and sell your books even though you are the copyright holder? This doesn't seem fair to me that someone can take your work and make a profit from it without paying the rightful owner a penny. This has put me off self publishing on Amazon, as there seems to be nothing I can do about it.

    Very annoyed

    Brian G Chambers

    1. Mage Silver badge

      anyone can print and sell your books

      This has always been true.

      The Lord of the Rings was ripped off by a USA company.

      Actually "anyone" can print and sell your books only in the sense that ANYONE can re-publish anyone's content of any kind, and DRM does not stop it. HD Video example: HDCP on HDMI and BD copy protection are extra costs to the consumer and HDCP creates problems. A pretty good pirate copy can be made by pointing HD camera at 42" HDTV in a dark room.

      1) It's mostly a problem if you are already famous, then you have the resources to enforce your rights.

      2) DRM is NOT the solution to copyright violation.

      3) It's an overstated problem in terms of claimed lost revenue.

      If you have a good story or great educational material, then publish, but NOT exclusive to Amazon. Also use Smashwords (who distribute to Apple iBook, Barnes & Noble, Flipkart, Kobo etc). Read Mark Coker's free ebooks on the subject (Smashwords). There is also now Google's playstore.


Biting the hand that feeds IT © 1998–2019