Results 1 to 12 of 12
  1. #1
    thepokerkeep's Avatar
    thepokerkeep is offline Private Member
    Join Date
    October 2007
    Location
    London Canada
    Posts
    2,886
    Blog Entries
    2
    Thanks
    1,004
    Thanked 1,212 Times in 799 Posts

    Default Security Alert - How is this even possible?

    I'd love to hear a valid explanation from someone in Cake's security department regarding the lack of SSL encryption on your network. Please explain how, in spite of what happened at Cereus recently, you guys failed to make sure your own security was up to minimum industry standards.

    Please explain how a poker network can operate for so many years without someone catching this. Seriously WTF? Where do you guys hire your staff? No one thought to check your encryption system even after the Cereus blow up.... come on!!

    What are you doing about it? When can we expect this issue to be fixed? Are you planning on taking your network offline until it's fixed? If not, why not? Are you planning to issue a press release or warning to your players about the risks involved by playing on your network?

    Source: Cake Network Security Warning
    Terry - The Pokerkeep
    President / CEO - Gambling Affiliates Union

    Casino Affiliate Programs
    Affiliate Resources
    Gambling Affiliate Program Blacklist

    Email: admin @ thepokerkeep.com



  2. #2
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Sinking Faster, just when I thought it couldn't get worse it did!
    Posts
    24,911
    Thanks
    1,490
    Thanked 6,930 Times in 4,418 Posts

    Default

    Please explain how a poker network can operate for so many years without someone catching this. Seriously WTF? Where do you guys hire your staff? No one thought to check your encryption system even after the Cereus blow up.... come on!!
    I think this is one of the most important points Terry made....

    After the previous mess and how bad it made them look, you still didn't take the time to ask what kind of encryption was being used??

    Every single casino, sportsbook and poker room out there should be asking this same question right now!!

    (In reality this question should have been asked and answered BEFORE the first visitor arrived at the site when it went live...but if it wasn't the clock is now ticking)

    Rick
    Universal4
    Gambling World Online Roulette Online Blackjack Live Online Games Sports Betting Horse Racing
    Casino Affiliate Programs
    Hosting and Domain Names
    Gambling Industry Association
    GPWA Moderation by Me and My Big Bad Security Self
    If an affiliate program is not small affiliate friendly (especially small US Affiliate), then they are NOT Affiliate Friendly!

  3. #3
    thepokerkeep's Avatar
    thepokerkeep is offline Private Member
    Join Date
    October 2007
    Location
    London Canada
    Posts
    2,886
    Blog Entries
    2
    Thanks
    1,004
    Thanked 1,212 Times in 799 Posts

    Default

    Can someone from GPWA get Cake to respond here?

    I see Lee Jones is taking the time to post at 2p2 and their PR department took the time to email me.... expecting them to address their affiliates in an open forum isn't asking too much is it?
    Terry - The Pokerkeep
    President / CEO - Gambling Affiliates Union

    Casino Affiliate Programs
    Affiliate Resources
    Gambling Affiliate Program Blacklist

    Email: admin @ thepokerkeep.com



  4. #4
    Chips's Avatar
    Chips is offline Private Member
    Join Date
    October 2007
    Location
    God's Country
    Posts
    3,616
    Thanks
    1,038
    Thanked 1,201 Times in 885 Posts

    Default

    Typical cake service.
    --
    "People who are unable to motivate themselves must be content with mediocrity." ~Andrew Carnegie~

  5. #5
    Anthony's Avatar
    Anthony is online now Affiliate Services/Moderator
    Join Date
    June 2003
    Location
    In the City
    Posts
    6,651
    Blog Entries
    66
    Thanks
    1,847
    Thanked 3,019 Times in 1,629 Posts

    Default

    Quote Originally Posted by thepokerkeep View Post
    Can someone from GPWA get Cake to respond here?

    I see Lee Jones is taking the time to post at 2p2 and their PR department took the time to email me.... expecting them to address their affiliates in an open forum isn't asking too much is it?

    I sent cake a note pointing them to this thread.
    I am here to help if you have any issues with an affiliate program.
    Become involved in GPWA to truly make the association your own:
    Apply for Private Membership | Apply for the GPWA Seal | Partner with a GPWA Sponsor | Volunteer as a Moderator


  6. The Following User Says Thank You to Anthony For This Useful Post:

    thepokerkeep (30 July 2010)

  7. #6
    JustinJ is offline Non-sponsor Affiliate Program
    Join Date
    July 2010
    Posts
    4
    Thanks
    0
    Thanked 6 Times in 2 Posts

    Default

    Hello,
    <o></o>
    Recently there has been news circulated by PTR regarding the security of the Cake Poker software. Our development team have confirmed that the described encryption vulnerability exists, although the claim by PTR has been falsely overstated. However, we are taking this very seriously and have mobilized our senior engineers to address the problem and strengthen the security of the Cake Poker software. We are adding an SSL layer to secure all communication between our servers and the client software and will complete the development and testing of this as soon as possible. Cake Poker is totally committed to closing this hole in our server-client communication security and it will be our top priority until it is 100% complete. <o></o>
    <o></o>
    In the meantime, for players playing on Cake Poker, we encourage them to follow security practices, such as:<o></o>
    <o></o>
    • Players should ensure that their computer is secure. Run anti-virus and spy ware detection software, not to share their computer's password with anybody else, etc.<o></o>
    • For added security, we recommend playing on a wired network. Plugging your computer into a router or modem with an Ethernet cable is the best defense against packets being sniffed.<o></o>
    • If using a wireless network, we recommend that is WPA2 protected.
    • We encourage all players not to play on a wireless network which is not password protected. <o></o>
    <o></o>

    We will ensure to keep you updated as to the progress of this development.<o></o>
    <o></o>

    Best Regards,

  8. #7
    universal4's Avatar
    universal4 is offline Forum Administrator
    Join Date
    July 2003
    Location
    Sinking Faster, just when I thought it couldn't get worse it did!
    Posts
    24,911
    Thanks
    1,490
    Thanked 6,930 Times in 4,418 Posts

    Default

    We understand this may be a massive undertaking for you but glad to see that you are taking it seriously and acting on it.

    Can you give any kind of indication as to any kind of timetable of getting an update rolled out?

    Rick
    Universal4
    Gambling World Online Roulette Online Blackjack Live Online Games Sports Betting Horse Racing
    Casino Affiliate Programs
    Hosting and Domain Names
    Gambling Industry Association
    GPWA Moderation by Me and My Big Bad Security Self
    If an affiliate program is not small affiliate friendly (especially small US Affiliate), then they are NOT Affiliate Friendly!

  9. #8
    thepokerkeep's Avatar
    thepokerkeep is offline Private Member
    Join Date
    October 2007
    Location
    London Canada
    Posts
    2,886
    Blog Entries
    2
    Thanks
    1,004
    Thanked 1,212 Times in 799 Posts

    Default

    Can you explain what part of the PTR report was false?
    They did crack your security.
    They did access sensitive data, in real time.
    They did observe players hole cards, in real time.

    If they did it, others have the ability to do so as well, especially now that the security hole is public knowledge.

    Why is the network still allowing players to play on an unsecured network?
    Terry - The Pokerkeep
    President / CEO - Gambling Affiliates Union

    Casino Affiliate Programs
    Affiliate Resources
    Gambling Affiliate Program Blacklist

    Email: admin @ thepokerkeep.com



  10. #9
    thepokerkeep's Avatar
    thepokerkeep is offline Private Member
    Join Date
    October 2007
    Location
    London Canada
    Posts
    2,886
    Blog Entries
    2
    Thanks
    1,004
    Thanked 1,212 Times in 799 Posts

    Default

    Why did Cake remove the warning that was in place when players logged into the poker client? This was the one and only effort you had made to inform the players - now it's gone!

    From my perspective, it looks like Cake is putting profit above player security.... not the best strategy for long term survival. Doing the right thing now may cost you in the short term - but failing to protect/inform your players is going to cost you dearly in the long term.

    No warnings to players!
    Very little communication with affiliates!
    Releasing misleading or incomplete information!

    Cake needs to Communicate and Take Responsibility! Otherwise the network will lose all credibility with affiliates and players. Time is running out - do the right thing before it's too late!

    The bad press is just beginning, stay tuned for round 2.
    Terry - The Pokerkeep
    President / CEO - Gambling Affiliates Union

    Casino Affiliate Programs
    Affiliate Resources
    Gambling Affiliate Program Blacklist

    Email: admin @ thepokerkeep.com



  11. #10
    grem's Avatar
    grem is offline Public Member
    Join Date
    July 2010
    Location
    CBN
    Posts
    1,451
    Blog Entries
    19
    Thanks
    254
    Thanked 418 Times in 205 Posts

  12. #11
    bb1web's Avatar
    bb1web is offline Private Member
    Join Date
    October 2003
    Location
    onlinebettingbuddy.com
    Posts
    1,481
    Thanks
    592
    Thanked 412 Times in 252 Posts

    Default

    I'm writing a waring to my readers now.
    Almost Here! How would you like to be able to get not just one sign up from your player, or even a couple, but every single casino they join from here on? I've a plan that can make that happen and it will likely also tell you every time the player is active within the casino.

    Gambling Affiliate Place
    Slot Machine Games
    Casinos Accepting USA Players
    Real Time Gaming Slots
    slots tip
    avoid non paying casinos

  13. The Following User Says Thank You to bb1web For This Useful Post:

    thepokerkeep (3 August 2010)

  14. #12
    Chips's Avatar
    Chips is offline Private Member
    Join Date
    October 2007
    Location
    God's Country
    Posts
    3,616
    Thanks
    1,038
    Thanked 1,201 Times in 885 Posts

    Default

    Blogged a caution to readers, adding to caution block on blacklist page as well. Will remain in place until the issue has been resolved.
    --
    "People who are unable to motivate themselves must be content with mediocrity." ~Andrew Carnegie~

  15. The Following User Says Thank You to Chips For This Useful Post:

    thepokerkeep (3 August 2010)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •