Two Plus Two Publishing LLC Two Plus Two Publishing LLC
 

Go Back   Two Plus Two Poker Forums > Internet Poker > Internet Poker

Notices

Internet Poker Discussions of Internet poker venues.

Reply
 
Thread Tools Display Modes
Old 03-11-2012, 12:28 PM   #1
banned
 
Join Date: Oct 2010
Posts: 127
Lock poker major security issue

Not sure how this affects the rest of Merge, as I haven't looked into it further.

Lock poker is tightly integrated with their casino. A while back that was the only way to deposit for non-visa card holders in the US.

After you log into locks casino, right click and hit view source (on the non-flash part). You will be shocked to see your password in plain text inside the source. No encoding, no encryption, just plain text. It also means they store your password in plain text for anyone on the lock team to see.

I informed them about this back in June of '11. The response was they'd get right on it. Nothing has been done. I figured enough time had passed for me to put them on blast.
deafeye is offline   Reply With Quote
Old 03-11-2012, 12:41 PM   #2
veteran
 
barradri's Avatar
 
Join Date: Mar 2009
Location: Teaching rich kids in Cairo
Posts: 2,247
Re: Lock poker major security issue

Kind of worrying
barradri is offline   Reply With Quote
Old 03-11-2012, 01:01 PM   #3
Pooh-Bah
 
peterpjames's Avatar
 
Join Date: May 2006
Posts: 5,724
Re: Lock poker major security issue

Pretty ridiculous, is this a Lock thing and not a Merge thing?
peterpjames is offline   Reply With Quote
Old 03-11-2012, 01:01 PM   #4
adept
 
Join Date: Feb 2009
Location: Rosarito Beach Mexico
Posts: 1,099
Re: Lock poker major security issue

playing on Merge is a gamble in itself.
bustuw72 is offline   Reply With Quote
Old 03-11-2012, 01:02 PM   #5
Pooh-Bah
 
peterpjames's Avatar
 
Join Date: May 2006
Posts: 5,724
Re: Lock poker major security issue

Quote:
Originally Posted by bustuw72 View Post
playing on Merge is a gamble in itself.
Sigh we know and have heard this a million times but for many it's a gamble worth taking, i.e they can and have withdrawn more then they ever put into it. This doesn't mean that security issues should be overlooked, etc because "well it's post BF, you deserve what happens etc etc"
peterpjames is offline   Reply With Quote
Old 03-11-2012, 01:38 PM   #6
Carpal \'Tunnel
 
IWEARGOGGLES's Avatar
 
Join Date: Mar 2005
Location: Pittsburgh/Canada
Posts: 7,351
Re: Lock poker major security issue

Had a friend try this and he was able to see his password.
IWEARGOGGLES is offline   Reply With Quote
Old 03-11-2012, 01:48 PM   #7
Is Right
 
NoahSD's Avatar
 
Join Date: Aug 2005
Posts: 18,849
Re: Lock poker major security issue

Could somebody copy + paste the part of the source with your password? (Remove your actual password, obviously.)
NoahSD is offline   Reply With Quote
Old 03-11-2012, 01:59 PM   #8
banned
 
Join Date: Oct 2010
Posts: 127
Re: Lock poker major security issue

Quote:
Originally Posted by NoahSD View Post
Could somebody copy + paste the part of the source with your password? (Remove your actual password, obviously.)
var flashvars = {
user : 'myusername',
sPassword : 'mypassword',
token : '',
encrypted : 'false',
forReal : (forMoney) ? 'true' : 'false',
IP : myIP,
portBase : '0',
returnURL : '',
casinoName : 'Lock Casino',
errorURL : '',
useLegacySystem: 0,
gameid: gameObj.gameID,
machid: gameObj.machID,
handcount: gameObj.hands,
denom: 25,
showVersion: 'false'
};

Mod edit: removed user's screen name and IP address. Everything else looks ok.

Last edited by NoahSD; 03-11-2012 at 04:36 PM.
deafeye is offline   Reply With Quote
Old 03-11-2012, 02:01 PM   #9
old hand
 
Join Date: Jun 2011
Location: Right near da beach
Posts: 1,521
Re: Lock poker major security issue

God damn idiots at lock I swear. Luckily I have my casino disabled.
unta8 is offline   Reply With Quote
Old 03-11-2012, 02:01 PM   #10
banned
 
Join Date: Oct 2010
Posts: 127
Re: Lock poker major security issue

It's clear that their entire casino is built using Flash/Actionscript... really old school way to do web programming.

I'd wager a bet their casino games could be decompiled, hacked, and altered to change the edge in your favor (or perhaps just autowin) as well, but I'm a nub with actionscript.
deafeye is offline   Reply With Quote
Old 03-11-2012, 02:02 PM   #11
banned
 
Join Date: Oct 2010
Posts: 127
Re: Lock poker major security issue

Quote:
Originally Posted by Unta8 View Post
God damn idiots at lock I swear. Luckily I have my casino disabled.
Irrelevant. You suffer from the same poor architecture as everyone else, unfortunately
deafeye is offline   Reply With Quote
Old 03-11-2012, 02:06 PM   #12
grinder
 
Join Date: Mar 2010
Location: RoK
Posts: 639
Re: Lock poker major security issue

As an American player post-BF, I'm not surprised but it probably won't affect me playing there. Merge/Lock is easily the best option available for U.S. players, which is sad in itself.

I really hope that we get Pokerstars back someday.
stwhite is offline   Reply With Quote
Old 03-11-2012, 02:06 PM   #13
Pooh-Bah
 
peterpjames's Avatar
 
Join Date: May 2006
Posts: 5,724
Re: Lock poker major security issue

Quote:
Originally Posted by deafeye View Post
It's clear that their entire casino is built using Flash/Actionscript... really old school way to do web programming.

I'd wager a bet their casino games could be decompiled, hacked, and altered to change the edge in your favor (or perhaps just autowin) as well, but I'm a nub with actionscript.
well if somebody did that it would at least make them change security lol.
peterpjames is offline   Reply With Quote
Old 03-11-2012, 02:14 PM   #14
old hand
 
Join Date: Jun 2011
Location: Right near da beach
Posts: 1,521
Re: Lock poker major security issue

Quote:
Originally Posted by deafeye View Post
Irrelevant. You suffer from the same poor architecture as everyone else, unfortunately
Not really, my casino doesn't even exist.
unta8 is offline   Reply With Quote
Old 03-11-2012, 02:22 PM   #15
adept
 
Noobie Newbertson's Avatar
 
Join Date: Feb 2011
Location: US of Goldman Sachs
Posts: 820
Re: Lock poker major security issue

This doesn't seem good.
Noobie Newbertson is offline   Reply With Quote

Reply
      

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




All times are GMT -4. The time now is 01:33 AM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.0 ©2011, Crawlability, Inc.
Copyright 2008-2010, Two Plus Two Interactive