http://www.reuters.com/article/ousiv/idUSTRE48P88V20080926?sp=true
Amazon seems to be using RTMP and only encrypting the upstream half of the connection. Adobe said it issued a security bulletin earlier this month about how best to protect online content and called on its customers to couple its software security with a feature that verifies the validity of its video player. An Amazon spokesman said content on the company's Video On Demand service, which offers as many as 40,000 movies and TV shows on its Web site, cannot be pirated using video stream catching software. However, in tests by Reuters, at least one program to record online video, the Replay Media Catcher from Applian Technologies, recorded movies from Amazon and other sites that use Adobe's encryption technology together with its video player verification. Does Gnash work with the Amazon video site yet? Here is the Security Bulletin APSA08-06 (Sept 2, 2008): http://www.adobe.com/support/security/advisories/apsa08-06.html "Content Protection in Flash Media Server" Release date: September 2, 2008 Vulnerability identifier: APSA08-06 CVE number: N/A Platform: All platforms Affected Software: Flash Media Server 3.0 Summary Adobe is aware that third-party vendors have produced software to capture and archive video delivered via Flash Media Server 3.0. Customers using Flash Media Server 3.0 are advised that they can utilize RTMPE or RTMPTE (the tunneled version) combined with SWF Verification to provide maximum content protection. Details For more information on using RTMPE or RTMPTE and SWF Verification, Flash Media Server 3.0 customers can consult the following TechNote. [http://www.adobe.com/go/kb405456] There are a lot more links to documentation of these misfeatures in the TechNote. The "SWFVerification" thing appears to be some kind of bizarre security-by-obscurity. The theory appears to be that a rogue application couldn't have a copy of the real .SWF file that was downloaded from the site. I haven't found a real description of how it works, though. John _______________________________________________ Gnash-dev mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnash-dev
