  1. #1
    The Buzz is offline GPWA Gossip Hound

    CEREUS Poker Network completes security upgrade

    When one thinks of poker security, the names UltimateBet and Absolute Poker often come to mind. And not in a good way. The two sites tarnished the industry a few years back with the "Superuser" scandal.

    Well there was another glitch in the system earlier this month, a glitch that the CEREUS Poker Network, where UB and AP operate, says is now fixed.

    Casino City's Aaron Todd has all the details:

    Tokwiro Enterprises, the owner of the CEREUS Poker Network, announced that it upgraded the security protocol for Absolute Poker and UB.com to include Open SSL encryption for client-server communications in a press release last night. The announcement comes 11 days after a serious flaw in the network's security system was discovered and revealed by the operators of the Web site PokerTableRatings.com (PTR).

    Absolute Poker and UB are the only poker rooms that operate on the CEREUS network, which is the third-largest Internet poker network that accepts U.S. players.

    "Our priority is our players, and providing them with a secure online poker environment," Tokwiro Chief Operating Officer Paul Leggett said in a statement. "The implementation of the Open SSL standard achieves this for our players, and we will continue to conduct rigorous verification tests and submit to third party audits to ensure our entire operation is secure."

    The flaw was revealed on May 6 by PTR, a Web site that scrapes hand histories on roughly half a dozen poker networks and allows players to search ring game results to determine if players have a history of winning or losing. The site includes a five-minute video showing how players' hole cards and log-in information could be intercepted on wireless networks.

    "Wireless networks are particularly exploitable due to the ease with which they can be compromised without having physical access," the site explained. "Indeed in many cases they won't even need to be compromised because the wireless network is not encrypted."

    The security hole caused a PR nightmare for UB, which was rocked by a cheating scandal two years ago when several players had access to "superuser" accounts and could see the other players' hole cards. Internet poker forum posters immediately linked the two incidents.

    "Fool me once shame on you, fool me four or more times shame on me," wrote ezdonkey on the twoplustwo.com forums. "I can't help but wonder why people still play there."

    Leggett responded to PTR immediately, saying he expected to have a solution to the problem "in a matter of hours." The next day, on both the Absolute Poker and UB blogs, Leggett stated that the problem had been fixed by "implementing a more advanced multi-layer encryption" and that an Open SSL solution would be live in a week.

    Many players were angry that the sites continued to run games despite the weaknesses in the network's security.

    "Can you explain why the site was not shut down last night when you were aware of the problem instead of leaving a security issue to be ignored until this morning?" wrote SusieQue on the UB.com blog.

    "We did consider shutting down Cereus temporarily," wrote UBMarketing in response. "However, we knew we could roll out a new solution in a matter of hours and we saw the threat of someone developing a hack to exploit this vulnerability, within that time frame, very unlikely."

    While the upgrade made it harder, it did not make it impossible. An upgrade to an Open SSL solution was made eight days later that closed the security gap for hole cards, but players' login information could still be hijacked using the same methods outlined by PTR. On May 16, Open SSL security was implemented across the entire site, and PTR acknowledged that "the biggest problems have been addressed."

    The security problems certainly haven't done anything to help the network, which currently ranks eighth on PokerScout.com's traffic report. Compared to a similar 11-day stretch a month ago (April 8-1, peak real money traffic on the CEREUS network dropped more than eight percent during the security upgrade (May 6-16), according to PokerScout.com data.

    Despite the problems, Leggett says he is doing everything he can to assure players that their accounts are safe on the CEREUS Network.

    "We are communicating openly with PTR, our players, and the rest of the poker community to prove ourselves as a company that is safe to play at, and that we are serious about security," Leggett said in a statement.

  2. #2
    Anthony is offline Affiliate Services

    Glad they upgraded their security, but what is in place now to ensure something like this never happens again?
    I am here to help if you have any issues with an affiliate program.

  3. #3
    thepokerkeep is offline Private Member

    This "flaw" has been present since Absolute and UB were merged onto the Cereus network. Despite countless audits as mandated by the KGC following the super-user investigations, no one discovered that the network was using the vulnerable XOR encryption rather than the industry standard Open SSL method. One has to wonder who is actually monitoring security on this network if a flaw as significant as this can go undiscovered and/or unreported for so long.

    Unlike the super-user investigation, due to the nature of this flaw we will never know if anyone actually took advantage of the lack of encryption. As a result, if any players were taken advantage of, they will never know and will never be reimbursed for their losses.

    Just how serious was this flaw in the system?
    According to one expert:

    The real danger from this comes not from someone hijacking your wireless network, which is what the statements from UB are focusing on, it's that someone who has access to an ISP backbone connection can now sniff for all traffic packets from UB routed through that location and can spy on pretty much anyone they want to. This is something that end users have zero control over of course and it doesn't matter how strong your own protection methods are, you are still at risk because this is a Fundamental Flaw in the software.
    There are also reports circulating that UB is in default on its loans.

    Considering that they are on such shaky ground financially and their traffic has dropped significantly since the encryption issue was made public, I would urge players to get their money out while they still can. I would also urge affiliates to put their players interests ahead of their own and stop promoting this network.

    One of the most comprehensive and enlightening reports about the scandals can be found here:
    Haley's Poker Blog

    It's a long read, broken into many short posts, but definitely worth the time and effort.
    Terry - The Pokerkeep
    President / CEO - Gambling Affiliates Union

    Casino Affiliate Programs
    Affiliate Resources
    Gambling Affiliate Program Blacklist

    Email: admin @ thepokerkeep.com



  5. #4
    Caruso is offline Public Member

    Quote, originally posted by thepokerkeep:
    "One has to wonder who is actually monitoring security on this network if a flaw as significant as this can go undiscovered and/or unreported for so long."

    LOL. No one is monitoring anything, as you know. Of course, they're Kahnawake registered, and also passed the eCOGRA "accreditation" test - which in the light of this really can be nothing more than a round of drinks down the Dog & Duck.

    I mean, how hard is it to say "you use SSL, right"?

    http://online_casino_news.hundredper...-bet-more.html

    Industry relevant, so I'll do a write up on a bigger site, hopefully get the word out better.

  7. #5
    thepokerkeep is offline Private Member

    Quote, originally posted by Anthony:
    "Glad they upgraded their security, but what is in place now to ensure something like this never happens again?"

    We have their word on it.
    Oh, Wait!! We heard that one before.

  8. #6
    Miss B is offline Public Member

    The new software release uses Open SSL encryption to secure all Client-Server exchanges. Hopefully, this time players will be guaranteed a secure online poker experience at both UB and Absolute Poker.

  9. #7
    Caruso is offline Public Member

    Quote, originally posted by Miss B:
    "The new software release uses Open SSL encryption to secure all Client-Server exchanges. Hopefully, this time players will be guaranteed a secure online poker experience at both UB and Absolute Poker."

    Particularly since you promote them, eh?

    **throws up hands in despair**

  10. #8
    thepokerkeep is offline Private Member

    Quote, originally posted by Caruso:
    "Particularly since you promote them, eh?

    **throws up hands in despair**"

    LOL

    Been there - done that.

  11. #9
    LuckyLizzy is offline Public Member

    This is good news! UB and Absolute took a nosedive with traffic since the news broke of the issue and having SSL is a huge step in the right direction for the network.

  12. #10
    arkyt is offline Public Member

    Quote, originally posted by Caruso:
    "Particularly since you promote them, eh?

    **throws up hands in despair**"

    OT: The last month or so this place is being inundated with casinofan reps - I wonder who is behind that site?

    Several posting above each with different keyword optimized signatures.... hmmmmmm.
