CakePoker / Cake Feedback Thread

[Your Mom]

Quote:

Originally Posted by listen_folks

I expect this out of a lot of sites but from Lee it's different. You have a couple of options here. Resign and wash your hands of the mess or inform every player on the site of the security breach and let them decide to play or not. Pretty much any other action and you lose all professional credibility.

this, someone needs to be fired either way.

[Beyonder01]

Quote:

Originally Posted by PotLuckPete

Lee, I believe you're trying to do all you can but this is absurd:

1. WEP

My first semester networking students can crack WEP. Free tools such as backtrack makes this an absolute no brainer. This is a careless recommendation.

2. You encourage people to still log on

There's a known vulnerability and you talk about ways to log on the network?

3. You keep the site running

So for all the customers who aren't aware of this issue, Cake keeps on plugging along like nothing happened? I'm sorry, this is not careless, this is negligent.

4. Placeholder algorithm

"The current algorithm was a "placeholder" until the new one was rolled into the program.".

No, No and No. This is not acceptable. You don't put weak placeholder algorithms in place and not tell anyone. Customers had the right to know to make their own decisions. Lee, could you imagine my bank telling me.. no wait, let's make this a direct comparison.Could you imagine my bank NOT telling me they decided to put my account at risk and had to find out from a watchdog site. Then... (get ready for this) when I ask them how they could possibly put my account at risk, they tell me they knowingly put a placeholder.. oops. I go to their website and they claim to have been protecting me with a security that wasn't in place.

Question: How do you think that would go over?

I'm so furious right now, I better bring this to a close. Lee, I've always respected all you've done for the poker community in the past, make the recommendation to close it down. Make the recommendation that Cake notifies players of the security hole. Make the recommendation that Cake tells players they willingly knew they were not implementing the security they posted on their own website. Otherwise, like the above poster said.. it's smoke and mirrors my friend. We heard it all with UB, the community is tired of it.

wow... and i was thinking of putting money on Cake too!

but after reading Lee's response there is no way in hell that is happening now.

still telling players to play despite a serious security issue... unbelievable!

[vanwilder10]

wow this is sad

[Cliffs?]

Even though I am a winner on Cake, and pretty sure I have never been snooped/superused, I requested a full cash out tonight.

The combination of a really incompetent programming team, as shown during this beta process. The lie on the website. The lie to Lee about the security, and the fact that given the lie to Lee, in the time since, they didn't rush to correct or implement the proper encryption. My trust in Cake is gone.

Its a real shame that Lee is left hung out to dry over this. What they did to him and to the trust we gave them is inexcusable.

What would it take to get me back? For starters, Lee stating exactly who told him the site was secure and that person is no longer with the company. That Cake is hiring a new company to develop the software and security systems and that the software is extensively tested and approved by a third party.

[karmabling]

I have just surfed over to gambling911, pokernews, cardplayer, and pokerscout and no one is mentioning the cake security hole.

All of those sites take advertising dollars from cake.


Karma

[1outter]

Holy Over-Reaction, Batman.

While I agree something needs to be done regarding Cakes security...
But seriously guys, if you're on an open network and playing poker, you done goofed.

[PotLuckPete]

Quote:

Originally Posted by 1outter

Holy Over-Reaction, Batman.

While I agree something needs to be done regarding Cakes security...
But seriously guys, if you're on an open network and playing poker, you done goofed.

Please tell me this is a level. You don't really think the 'only' concern is joe-user playing poker on an open network, do you?

[schummlalala]

Quote:

Originally Posted by karmabling

Lee stated to use WEP encrypted wireless setting if you play on cake using wireless. This is incorrect. DO NOT USE WEP. It is easily hacked/compromised.

If you must play on cake using a wireless internet connection then please make sure you are using WPA2 for encrption of your wireless internet.


Karma

THIS!

Don't use WEP, it was broken ages ago. Sadly enough, some vendors still have WEP as the default encryption enabled. When you buy a router, make sure to use WPA2 with a really strong passphrase.

Also disable remote login, choose a strong admin password.

WPA2 seems to have a security problem too though, according to this article:


http://www.airtightnetworks.com/WPA2-Hole196

Quote:

Exploiting the vulnerability, an insider can bypass WPA2 private key encryption and authentication to sniff and decrypt data from other authorized users as well as scan their Wi-Fi devices for vulnerabilities, install malware and possibly compromise those Wi-Fi devices.

And:
http://www.h-online.com/security/new...d-1044970.html

If I understand the text correctly, it's possible for an attacker to pretend "he" is an access point and route the traffic through his system. He then could read the data between the cake client and server and obtain the login data.

[assasin]

Was this monumentally unethical decision:

"The current algorithm was a "placeholder" until the new one was rolled into the program."

Before or After this:

http://forumserver.twoplustwo.com/sh...postcount=4875

Either way you have a monsterous problem with your dev team. And if that place holder was put in After the Cerus scandal...

Just why? Why would anyone eschew the mature, readily available, easily implemented ssl encryption options available in EVERY development language.

Every language right down to something as high level as ECMA script for crying out loud!

I never got an answer to this after the Cerus scandal. The only answer I can come up with is a developer deliberately chose to open a back door!

[Wanner5betme]

I can anyone tell me what the peak HU sng hours are in UK time GMT.
Is the traffic in these games solid for multitableing them or are they too slow to fill up at any time.

Also when downloading the software ,is the beta 2 software the correct download for a windows vista user, on a standard laptop?.(sry noob question)

[Wanner5betme]

Quote:

Originally Posted by Wanner5betme

I can anyone tell me what the peak HU sng hours are in UK time GMT.
Is the traffic in these games solid for multitableing them or are they too slow to fill up at any time.

Also when downloading the software ,is the beta 2 software the correct download for a windows vista user, on a standard laptop?.(sry noob question)

wow ,in light of everything Iv just read on this thread , that wassnt here a week ago ,about onsite money being compremised, the aswrs to the questions I asked ^^^ obv are not important to me anymore good luck getting al this resolved , il be on FT and Stars where I can sleep soundly at night.

[calvinzorr]

Someone give me cliffs on the gold card situation everyones bitching about?

[ItsNotLupus]

Quote:

Originally Posted by calvinzorr

Someone give me cliffs on the gold card situation everyones bitching about?

Cake Poker has the Match and Win promo this month, but it is statistically near impossible to get the cards to claim a bonus. Unless you play sick volume at high stakes in which case you have a shot at a $20 bonus.

[GreenSmoke85]

Jayrock,

Please go away, no one cares what a shill for cake has to say, about this situation at all.

Lee,

I've been with cake since the beginning, even before you guys even merged with sportsbook, way back when. Lately things have gotten progressively worse and worse with one problem after the other. Things have to change as the last few months have been a total embarassment for cake poker with this most reccent problem making me lose total trust for your statements and organization.


This is gross things need to change...

[Chompokino]

Quote:

Originally Posted by Lee Jones

Official Cake Poker response regarding the post on the PTR website

I am exceedingly proud of my reputation in the poker industry. With that reputation comes an extraordinary responsibility and I take that most seriously. I feel that I dropped the ball here. I wasn't responsible for the software development and had absolutely no knowledge of the potential security hole. But I have a feeling that if I'd pushed harder in a few places and asked a few more questions back in May, I might have been able to uncover it.

Regards, Lee

Hmmm dropped the ball? I'd say dropped the soap