  1. #1
    thepokerkeep (Private Member)

    PTR finds security hole at Cake Network

    Description:
    The Cake poker network uses a weak XOR-based encryption mechanism for all network transmissions instead of the industry standard SSL. The encryption key is sent in plain text and can be used to dump data from the datastream to the Cake client application.

    In our lab we are able to intercept and decode the user’s login name (e-mail address), screen name, and password in plain text, as well as their seat number and hole cards. We’ve also been able to remotely display all seat numbers and hole cards on a compromised network.
    Full article


    Post up the warnings to your players folks.... again!
    No wonder this industry has such a scummy reputation..... FFS!!!
    Terry - The Pokerkeep
    President / CEO - Gambling Affiliates Union




  2. The Following 3 Users Say Thank You to thepokerkeep For This Useful Post:

    Anthony (26 July 2010), Chips (27 July 2010), Professor (27 July 2010)
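Why the scheme quoted in the first post gives no confidentiality, as an added example that is not from the post, the PTR article, or Cake's software: the frame layout (a 4-byte key followed by the XORed payload), the function names, and the sample data are all assumptions made for illustration. It also goes one step beyond the post by showing that repeating-key XOR leaks its key from a predictable message prefix even when the key is not transmitted.

```python
# Added illustration; the frame layout is hypothetical, not Cake's real wire format.
from itertools import cycle

KEY_LEN = 4  # assumed key size for this toy protocol


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call obfuscates and de-obfuscates."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def client_send(key: bytes, message: bytes) -> bytes:
    """Toy sender: the key travels in the clear, followed by the XORed payload."""
    assert len(key) == KEY_LEN
    return key + xor_bytes(message, key)


def observer_read(frame: bytes) -> bytes:
    """Anyone who sees the frame also holds the key, so nothing is secret."""
    key, body = frame[:KEY_LEN], frame[KEY_LEN:]
    return xor_bytes(body, key)


def key_from_known_prefix(body: bytes, known_prefix: bytes) -> bytes:
    """Even with the key withheld, a predictable prefix reveals it:
    ciphertext XOR plaintext = key."""
    return xor_bytes(body[:KEY_LEN], known_prefix[:KEY_LEN])


# Constructed sample data (not captured traffic).
SAMPLE_KEY = bytes.fromhex("a1b2c3d4")
SAMPLE_MSG = b"LOGIN user@example.com hunter2"
SAMPLE_FRAME = client_send(SAMPLE_KEY, SAMPLE_MSG)

if __name__ == "__main__":
    print("on the wire :", SAMPLE_FRAME.hex())
    print("observer    :", observer_read(SAMPLE_FRAME))
    print("key via known prefix:",
          key_from_known_prefix(SAMPLE_FRAME[KEY_LEN:], b"LOGI").hex())
```
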

  3. #2
    universal4 (Forum Administrator)

    The additional problem that these reports never cover is the fact that a server, router or otherwise internet connection somewhere also has to be compromised....

    Not that the issue itself isn't serious, because it is, but it just bugs me that in most cases the entire story is never told.

    The lack of using better security on Cake's part, though, is inexcusable, so my thoughts above should not diminish that fact.

    Rick
    Universal4

  4. #3
    thepokerkeep (Private Member)

    Today, I received an email from Cake.... guess I should feel special or something

    Anyway, it's just the typical blah blah type of statement that Cereus released when they got busted a few months ago....

    _______________________________________

    Hey Terry,
    I saw your recent coverage of the Cake Poker security issue and I wanted to make sure that you had the statement from our poker room manager Lee Jones:

    Hi folks -
    Here's a status update on the security vulnerability in the Cake Poker software which was reported yesterday. Our development team replicated the described scenario and confirmed that a vulnerability exists which can be addressed to strengthen the security of the Cake Poker software. We take this very seriously and have mobilized a team of senior engineers to address the problem. In short, we are adding an SSL layer to secure all communication between our servers and the client software. We've got everybody who can possibly help on this and will get the development and testing jobs completed as soon as humanly possible.

    In the meantime, if you wish to play on Cake Poker (or the Cake Network), we encourage you to follow good security practices:

    • Make sure that your computer is secure. Run anti-virus and spyware detection software, don't share your computer's password with anybody else, etc.
    • In terms of network security, the most secure thing you can do is play on a wired network. Plugging your computer into a router or modem with an Ethernet cable is the best defense against your packets being sniffed.
    • If you are on a wireless home, dorm, or other network that is WPA2 protected, that's your next most secure solution.
    • We encourage you not to play on a wireless network which is not password protected. For instance, if the coffee shop around the corner just plugged a wireless router into their cable connection and announced "Free WiFi", you shouldn't be playing on the Cake Network there. It's worth noting, in fact, that you shouldn't be doing anything of financial importance over an unprotected wireless network (poker, banking, etc).

    Ultimately, it comes down to a question of degree. No system is 100% secure and each person must weigh the relative convenience of access (e.g. free WiFi at a coffee shop) against the potential security risks.

    For our part, we are totally committed to closing this hole in our server-client communication security and it will be our top priority until it's done. We will update you as soon as there is more to say.

    Thank you, as always, for your patience and understanding.

    Best regards,
    Lee Jones

    Cake Poker Cardroom Manager



    Susan
    Publicist