[ISN] UB and Absolute Poker on the Cereus Network Work to Fix Security Flaws

From: InfoSec News <alerts_at_private>
Date: Tue, 11 May 2010 00:31:37 -0500 (CDT)
http://www.cardplayer.com/poker-news/9043-ub-and-absolute-poker-on-the-cereus-network-work-to-fix-security-flaws

By Stephen A. Murphy  
Card Player
May 10, 2010 

Cereus Network, which is the home of the popular poker sites UB and 
Absolute Poker, was in the middle of a security controversy late last 
week when it was discovered that its two major poker sites used weak 
encryption methods. A poker tracking site announced on Thursday that it 
had hacked Cereus. encryption method and showed how it was possible for 
someone to hijack a player's account and see holecards in real time if 
that person was also able to hack the user.s Internet connection.

Paul Leggett, the chief operating officer of Tokwiro Enterprises (which 
owns both UB and Absolute Poker), issued a statement on Friday morning 
acknowledging the security breach and promising to do everything in his 
power to fix the problem.

"PTR (Poker Table Ratings) was able to crack our local encryption method 
... I would also like to say that I am very embarrassed and upset that 
this issue was not caught by our internal staff or through the countless 
audits we've been through this year and last year," said Leggett. "We've 
invested a great deal of money into all types of security and I am very 
shocked that this was not identified by us or the many third party 
auditors we've employed. Needless to say we plan to find new security 
resources and third parties to help us test this solution and make sure 
we provide you with the absolute best security that money can buy."

For someone to have had actually seen another person.s holecards and 
utilized that information to cheat, that person would have had to hack 
both the site's encryption, as well as the person's individual Internet 
access. Both PTR and Cereus Network say that scenario is very unlikely.

[...]


_______________________________________________
Best Selling Security Books and More!
Shop InfoSec News
http://www.shopinfosecnews.org/ 
Received on Mon May 10 2010 - 22:31:37 PDT

This archive was generated by hypermail 2.2.0 : Mon May 10 2010 - 22:46:22 PDT