CakePoker / Cake Feedback Thread

[Sect7G]

Quote:

Originally Posted by █████

Lee,

Why are you ignoring the posts on emailing your player base?

Why do you expect Lee to put his name to an answer if your not willing to put your name on the question?

[moki]

Quote:

Originally Posted by Lee Jones

Relatively easy to fix in the code development sense. There are multiple standard implementations of SSL; we have to pick one and insert it into all places where there is server-client communication.

It's pretty mind-blowing to me that any site that deals with real money transactions would not already be wrapping all client/server communication with SSL. SSL has been around since 1995; it's not like this is a new problem or new solution.

Quote:

The hard part (as any software person can tell you) is the testing and QA. This will touch virtually every aspect of the client's operation (the client and server talk to each other about many things, all the time) so we need to test all of it. There's no point in rushing out new client and server software if the communication between the two breaks.

Shutting the site down until it was properly fixed and tested certainly would light a fire under everyone's collective asses.

I certainly do realize the potential PR problem there though... shutting down the site sounds very drastic to people, and they may not come back. But if this issue isn't handled openly and rapidly, they may not trust Cake poker in the future, either.

Lousy situation to be in for all involved, imho.

[somethingdignified]

PTR has now mentioned this debacle in an email to all members. So pathetic that Cake let PTR beat them to the punch on emailing a warning to players.

Cake, you had a precious few hours to save your credibility once this went public. You could have warned players, shut the network down, hired some consultant programmers and been back in business as usual within hours, not days.

Instead you downplay the danger and let the fish keep showing up to be victimized. I guarantee someone is in your games looking at their opponents' hole cards right now.

[Burcak]

I don't know you guys but if I had to bet, I'd say that no one is looking at anyone's hole cards right now on Cake.

I am a software engineer (not working actively, thx poker), I was never into internet security, but currently, I am pretty sure I could never find Cake packets to sniff. I don't even know where to start. Do I get a job? Then what?

I am guessing I would need someone I know from real life who plays on Cake. Then again, if I wanted to screw anyone I know from real life, I could do it in more subtle (and easier) ways. I don't think this issue is as big as people make it sound. I may be wrong, it just doesn't feel that way. I am pretty sure, if it is not fixed, say, within 3 days, people will find ways to abuse it. But a few days is too short for this.

[Burcak]

Also I want to say one thing on the whole "bash Lee for downplaying this" thing.

Lee is responsible for a lot of people. It includes Cake customers, but also includes Cake shareholders, and employees. It may sound great to go all honorable, suddenly shut down the site, send an e-mail to all customers letting them know what happened etc. but the fact of the matter is that this could be a death sentence for Cake. Maybe, Lee is in a position to do this kind of heroic act because he doesn't necessarily need his job. But he is responsbile for everyone who is working for him, and who would lose their jobs if Cake shut down.

Personally, as someone whose part time job is playing poker, I'd HATE to learn that Cake just informed all of their customers of this security issue. And I will tell you why. The recreational players won't see this as a dent in Cake security. They will see this as a dent in online poker security.

And last but not the least, don't forget that the issue may not be as big as the drama queens of 2p2 make sound. Maybe it is not realistic to think that people would find ways to sniff the packets anyway. Don't forget that PTR's agenda is to look good in the eyes of regs (that they exploit) and making this look more serious than it is would certainly help that cause.

So if I were in Lee's shoes, and not knowing whether or not this is a serious risk (as I stated in my previous post, I don't think that it is), I would think that turning this into a huge scandal wihtout considering other Cake employees, Cake shareholders, and online poker's image would be irresponsible.

I will finish by adding one last thing. When security experts find out a leak in a software, what they do (almost always) is not to let everyone who can potentially exploit it know this. This is actually considered very inappropriate. What they do is to let the owners of the software know about it, make sure it is fixed, and then let the world know about it. This is almost always done this way. When you think about what PTR keeps doing, you will realize that in their quest to become the heroes in shining armor for the online community (while I consider them to be the scums of it) they keep acting in a way that puts people in terrible spots. If it wasn't publicized this way, I am sure everyone who is playing on Cake poker would be safer. PTR, once again, shows that they only care about their own well being, and not at all about the online poker community. This is okay, as long as you don't act like you are there for the players, when you are there for yourself only.

Anyway, just my 2c.

[StellarWind]

With the enormous number of internet accounts we all have these days it is very easy and tempting to reuse the same password on lots of different sites.

It doesn't take much outside-the-box thinking for someone who steals your Cake password to try it out at PokerStars, FTP, your email provider, your banking and retirement accounts, etc.

This incident is a good reminder to break this bad habit of using the same password for different things. Change any other passwords that duplicate your Cake password right now.

Then go change all your other duplicate passwords until every last one is different.

There are free and inexpensive products that can help you track and securely store all your passwords. I like Password Safe (www.passwordsafe.sourceforge.net). Using a product like this also makes it easy to use good passwords that would otherwise be hard to remember.

[mrMOJOrisinggg]

Pretty solid arguments IMO...

I think that this is just sad for online poker, we dont need this, as an industry or as grinders, it damages us all. Cake cannot just shut down because of the simple fact that is not just Cake, what about all the other skins? (eg Doyles, Sportsbook and all the other little ones). We are talking about people here, families, etc, depending on the website's revenue.

Still, it amazes me that this happened after what happened at Cereus in May. This is a wake up call guys. The online poker industry needs to make security its main concern, unfortunately, some poker rooms main concern is profit and dodging expenses. Some have idiots working for them. People who couldnt care less about poker and see this as just another job.

I played at cake in december, never really cared much for the site cause of the low traffic, poor MTT selection and poker client FREEZING A LOT EVENTHOUGH I JUST MTtabled 4 or 5 tables max. Played at doyles in april and left cause of the same. Rakeback is a + of course and the softer selection of games. Customer service is great and way faster than PS or FTP usually are. I have really good friends that work at doyles and I can really sympathize. Is not their fault unfortunately. They really try hard to be the best place to play for all of us, but hey, programmers at cake are really ****ing up really fugly.

I think this could be the nail in the coffin for the cake network, if this is not handled quickly and responsibly. As for Mr. Lee Jones I do think he is sincere in his apologies and pain. Of course he is gonna try to sell us the idea that it is safe to play there, is HIS business, is HIS duty, he IS the face of the network right now. Unfortunately, he could sink with the ship too. YOU ARE SUPPOSED TO BE LOYAL TO THE HAND THAT FEEDS U AND THIS IS WHAT LEE IS DOING, CANT REALLY BLAME HIM. Personal attacks on him are just childish or done in the heat of the moment.

Lets sit and watch what happens.


blindhorse86
mrMOJOrisinggg

[pooflinger]

Lee just say nothing we will all forget next week trust me and player base will rise.

[arthurbach]

Can someone give me an overall brief breakdown what has happened and what I need to be aware of so I don't need to read the last 10 pages of this thread please?

[pooflinger]

http://www.pokertableratings.com/blo...poker-network/

[TheSilentMan]

Quote:

Originally Posted by Burcak

I don't know you guys but if I had to bet, I'd say that no one is looking at anyone's hole cards right now on Cake.

I am a software engineer (not working actively, thx poker), I was never into internet security, but currently, I am pretty sure I could never find Cake packets to sniff. I don't even know where to start. Do I get a job? Then what?

I am guessing I would need someone I know from real life who plays on Cake. Then again, if I wanted to screw anyone I know from real life, I could do it in more subtle (and easier) ways. I don't think this issue is as big as people make it sound. I may be wrong, it just doesn't feel that way. I am pretty sure, if it is not fixed, say, within 3 days, people will find ways to abuse it. But a few days is too short for this.

No, you'd happen to be somebody who works on the network somewhere near a major link that a lot of cake traffic goes through, you'd start sniffing traffic to cake and then play at the highest stakes you could where you could see one or more player's hole cards and basically print money.

Edit: and honestly if you couldn't think that much through I really REALLY doubt you're a "software engineer" of any worth at all.

[Nerice]

Quote:

Originally Posted by TheSilentMan

No, you'd happen to be somebody who works on the network somewhere near a major link that a lot of cake traffic goes through, you'd start sniffing traffic to cake and then play at the highest stakes you could where you could see one or more player's hole cards and basically print money.

Edit: and honestly if you couldn't think that much through I really REALLY doubt you're a "software engineer" of any worth at all.

Or manage to exploit router(s) that handle a lot of traffic due to misconfiguration, not being updated, stupid admins, exploits etc. Backbone routers are less likely, but plenty out there handling tons of data from all over. Don't have to have access to everyone that is playing on the site...

Many routers get setup and forgot about until there is some kind of issue requiring attention, and not just individuals at home, even many large corporations tend to ignore them - some for years.

[gemixx]

Then writing "Wired > WPA2 wireless > open wireless" only might give to someone false feeling of security.

It is just perhaps safer the lower stakes u play, because the hackers time also is worth something and they will focus on catching bigger fishes in shorter time.
But certainly it seems the most wise solution to not play there at all until they fix it and to change the password. Of course not reusing the same or similar passwords everywhere is very valid point.

Just wondering, I think in case of cereus PTR informed the network immediately and then with some delay the whole world, in this case didn't happen the same?
It is also not clear, which of those approaches is better...

Is there some summary somewhere which networks/sites are verified now and their encryption is really what they claim to be?
If not then funnily it's the safest to play at cereus as there is it proven (?) it was fixed

[Cook Diddy]

proof that the gold cards are complete crap..

http://www.pocketfives.com/f7/cant-r...d-card-592620/

Edit: I hate that this is my first post at 2+2..

[super skunk]

anyone else not seeing sngs?