
Cake Poker - Worse Security Issues Than Cereus



http://www.pokertableratings.com/blog/2010...-poker-network/
http://www.pokertableratings.com/blog/2010...eak-encryption/

And predictably, Lee Jones, who now heads Cake, downplays the issue:

Official Cake Poker response regarding the post on the PTR website

Hi folks -

Needless to say, I've been dealing with nothing else for the last few hours. For what it's worth (and that's not much), I was not aware of this weakness until I read about it on the PTR website. While this is obviously cause for concern, please note that for an attacker to exploit this would require a hacker with a great deal of encryption expertise and a relatively rare set of circumstances.

While it is possible that such an attack could occur, we believe that its actual likelihood is very low. In fact, to our knowledge, no such attack has taken place. The "good" news here is that if such an attack had been successfully launched, we would know about it because somebody would have had his or her account drained of its funds. We are not aware of any such loss and it's fair to say that such a loss would quickly become public knowledge, too.

All that said, we are devoting our top software people to addressing this issue immediately. When it has been resolved, we'll make a public announcement to that effect. In the meantime, it certainly can't hurt for you to only play at Cake on wired networks or wireless networks which are WEP-protected.

Finally, as regards the statement on our website that we use a twofish encryption algorithm, that is, unfortunately, not correct. We used to use a twofish algorithm implementation but discovered an error in the implementation and were switching to a new algorithm. The current algorithm was a "placeholder" until the new one was rolled into the program. The incorrect statement on the website is our fault and we apologize.

We take our players' security extremely seriously and are reprioritizing our software development schedule to put this at the top of the list. We appreciate your understanding and patience.

Best regards,
Lee Jones
Cake Poker Cardroom Manager

http://forumserver.twoplustwo.com/showpost...;postcount=5944

I find the case interesting from two aspects.

The first aspect is how Cake is dealing with things which to this point is pretty badly. They haven't informed their players via e-mail of the problem and they took down a message that pops up when you open the software after only having it up for a few hours. I understand their strategy of hoping that most of their players don't hear about it but when you screw up this badly I think you have an obligation to let the players know about it.

I do play at Cake so this issue does affect me personally.

The second thing I find interesting is the role of Poker Table Ratings. They recently started to track and sell hand histories from Cake and anybody using their services is breaking the rules of Cake. In their data mining efforts I imagine they came across this issue. In most cases when one comes across a security breach such as this one you tell the company with the breach about it so that they can fix the issue before it becomes widely known and the scumbags can exploit it. In this case I think PTR is just trying to boost their own profile by going public before letting Cake know about the issue.

Cake obviously is showing that security hasn't been an important issue for them and they should be raked across the coals for this but I hope people don't start thinking what great guys the people at PTR are since the heart of their business is one that encourages players to break the terms of the sites that they are playing at and cheat.

I think it's interesting as well, but I don't like the use of the bolded. In fact, I use the base features of PTR pretty heavily to game select, so I'm more inclined to take the opposite opinion to your summary paragraph. I don't think they should be selling hand histories, but the line between what I use the site for and full out purchasing hand histories is a very hazy one on a very slippery slope... at night. Whoever is running PTR has solid business acumen. They've created a ton of goodwill for themselves by trying to act as the watchdog for the players, while at the same time exploiting the players for profit. It might seem evil, but damn if it isn't smart.

NC, my PTR stats couldn't be more wrong (according to my HEM and cashier) at every level and game type than if someone just made up the results it reports. I can't imagine using this site for anything more than to see if someone plays a certain game type, what limits and how long they've been playing. I've heard others say it's spot on so what do I know. I lost money on Cake when I tried it out a couple years ago. There were serious issues when I cashed out and it was a HUGE pain in the ass. They've added a lot of skins since I tried out the site. I don't like poker sites with skins and only trusted Cake because of Lee Jones' reputation. I only trusted the fcp skin because of Bob and DN and that was only for money being secure, not collusion detection. I didn't think I played high enough or often enough for collusion to be an issue so I wasn't too concerned. I would be very frustrated with Cake if I were currently playing there. These security protocols would make me question the security regarding collusion detection. I would be very concerned by the Lee Jones responses to date and I don't think I would keep playing on the site.

My PTR is pretty accurate. It misses sessions here and there, but for the most part it's a reasonable representation of my activity. It's certainly useful enough for game selecting as a HU player.

Actually, I hadn't checked in a while and I guess it added some hands of mine from somewhere. It's only way off on my 2/4SHLHE and 3/6HUHU stats.

The thing he mentioned in his post was in NVG today. Was the link pointing to some fake archive or other?
No, it was a link to a site similar to fullcontactpoker but the dot was spelled.
2+2 has also had phishing attempts over the last few weeks as well.