- analysis of the RTMPE specification shows it to be vulnerable to man-in-the-middle attacks, and to be nothing more than an obfuscation attempt using no passwords and no secure encryption keys of _any_ kind. Diffie-Hellman is utilised, but in a way that is subject to standard man-in-the-middle attacks; what Adobe calls "encryption" keys are nothing more than publicly-available "magic constants".
- the developer of rtmpy.com has requested removal of his projects, which includes crtmpserver, from sourceforge, in protest at sourceforge's compliance with the illegal use of a DMCA take-down notice.
- the same developer has successfully implemented RTMPE in crtmpserver.
- the developers of rtmpy have indicated their intent to implement RTMPE in python.
- eben moglen, of the software freedom law centre, has written to emphasise that the software freedom law centre is always available to help any free software developers who are attacked by large corporations.
- dave touretzky, the professor who created the DeCSS gallery, has provided a mirror of the RTMPE specification on his web site.
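
An added example (not from the original post, and not taken from any RTMPE implementation) of the point in the first item above: a check keyed with a constant that everyone can read cannot authenticate a Diffie-Hellman public value, while the same check keyed with a real secret can. The prime, generator, constant and function names are all constructed for illustration and are not the RTMPE values.

```python
import hashlib
import hmac
import secrets

# Toy parameters constructed for this example; far too small for real use.
P = 2**127 - 1   # a Mersenne prime
G = 5
# Stands in for a "key" that ships inside every client and is therefore public.
PUBLIC_CONSTANT = b"constructed-magic-constant"


def dh_keypair():
    """Return (private, public) for the toy group above."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def tag(key, public_value):
    """HMAC-SHA256 over the DH public value."""
    return hmac.new(key, public_value.to_bytes(16, "big"), hashlib.sha256).digest()


def signed_public(key):
    """Generate a key pair and tag its public value with `key`."""
    priv, pub = dh_keypair()
    return priv, (pub, tag(key, pub))


def client_accepts(client_key, message):
    """The receiver's only check: does the tag verify under the key it holds?"""
    pub, mac = message
    return hmac.compare_digest(tag(client_key, pub), mac)


def demo():
    # A key provisioned out of band and never published (assumption of this example).
    secret_key = secrets.token_bytes(32)
    # A party in the path knows only the public constant and swaps in its own value.
    _, swapped = signed_public(PUBLIC_CONSTANT)
    return {
        "public_constant_check": client_accepts(PUBLIC_CONSTANT, swapped),
        "secret_key_check": client_accepts(secret_key, swapped),
    }


if __name__ == "__main__":
    print(demo())
```
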
so the shit is truly hitting the fan, for adobe.
whoopsie, guys. if you had left rtmpdump alone, i would never have seen the slashdot article. if i hadn't seen the slashdot article, i would never have mirrored rtmpdump. if i'd never mirrored rtmpdump, i would never have looked at it. if i had never looked at it, i would never have gone, "this is shit. i must write a spec, immediately". if i'd never written a spec, two teams of free software projects would never have implemented RTMPE.
how's that for not achieving the desired results? why don't you fire your shit-for-brains lawyers: they're only looking for ways to make money out of you, and are alienating the very people who could help you extend the reach, security and acceptability of your products and the protocols that you've designed: us free software developers.
until you get with the picture, though: FUCK you, adobe.