Old 05-06-2010, 08:29 PM   #61
Pooh-Bah
 
phils08's Avatar
 
Join Date: Jun 2009
Location: lol_variance
Posts: 4,661
Re: Another hole in UB and AP security?

Explanation
When logging into a poker client on your PC what is actually happening behind the scenes is a connection is established to the servers owned and operated by the poker network. This connection is used to transmit all data between your PC and the servers, including sending your username and password, betting actions, and your hole cards.

This can be thought of as a conversation between your computer and the poker network, which might go something like:

PC: I’d like to play poker my username is bob and my password is 123456
Server: You are logged in

Or:

Server: A new hand has started at your Table 1
PC: Ok
Server: Your hole cards for Table 1 are Ac Jh
PC: Ok

On all poker networks this data is encrypted in a manner that would prevent any intercepted data from being used to gain access to your account, or steal your hole cards. This means essentially that the conversation is obscured to prevent eavesdropping, so that someone listening in cannot “hear” your password.

Almost every poker network uses some implementation of the SSL protocol, which is the same type of security mechanism that everyone from banks to government agencies use to secure their data. There are several freely available implementations of this protocol including the open source OpenSSL. SSL is the industry standard, and is generally regarded as best practice for encrypting network transmissions.

The problem is that the Cereus Poker network does not use SSL to encrypt their communications; they use a custom form of encryption which is XOR-based. This form of encryption is known to be extremely weak, and in fact their particular implementation makes it particularly simple to decrypt network data due to an easily discoverable key.

In fact, the encryption that the Cereus Network employs isn’t so much encryption as it is encoding. To see how simple it is to decode this data, simply open up your Windows calculator and set it on scientific mode. All that is really necessary to decode the data stream is the XOR button.

The requirement for this vulnerability to be exploited is network access. This means that if you are playing on an open wireless network, a cracked wireless network (something which is increasingly simple to do), or on a physical network which has been compromised – an attacker could dump the network traffic and exploit this vulnerability maliciously.


-ptr

helpful explanation imo
phils08 is offline   Reply With Quote
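Added example, not part of the thread or of the PTR write-up: a short Python sketch of why a fixed-key XOR scheme is an encoding rather than encryption, as post #61 says. The key, the message layout and the function names are constructed for illustration; the page does not show the actual Cereus wire format.

```python
# Added illustration: constructed key and messages, not the Cereus protocol.
from itertools import cycle

def xor_stream(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call both encodes and decodes."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def keystream_from_known_plaintext(ciphertext: bytes, known: bytes) -> bytes:
    """C = P xor K, so C xor P = K at every position where P is known."""
    return bytes(c ^ p for c, p in zip(ciphertext, known))

def shortest_period(stream: bytes) -> bytes:
    """Smallest prefix that, repeated, reproduces the recovered keystream."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream

KEY = b"\x5a\xc3\x19\x7e"                # constructed 4-byte key
LOGIN = b"LOGIN user=bob pass=123456"     # constructed message
CARDS = b"HOLE table=1 cards=Ac,Jh"       # constructed message

def demo():
    c_login = xor_stream(LOGIN, KEY)
    c_cards = xor_stream(CARDS, KEY)
    # Any predictable field (here a fixed message prefix) is known plaintext,
    # and XOR-ing it against the ciphertext yields the key bytes directly.
    stream = keystream_from_known_plaintext(c_login, b"LOGIN user=")
    key = shortest_period(stream)
    # The same key then decodes every other message sent under it.
    return key, xor_stream(c_cards, key)

if __name__ == "__main__":
    key, cards = demo()
    print(key.hex(), cards.decode())
```

A real cipher used inside SSL/TLS does not have this property: knowing part of the plaintext tells an observer nothing about the key.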
Old 05-06-2010, 08:30 PM   #62
Carpal 'Tunnel
 
mjcace's Avatar
 
Join Date: Jan 2008
Location: @mjcace,MP (PM me 2 Ship $)
Posts: 8,421
Re: Another hole in UB and AP security?

unreal
mjcace is online now   Reply With Quote
Old 05-06-2010, 08:30 PM   #63
old hand
 
SoulPower's Avatar
 
Join Date: Aug 2005
Location: ATL
Posts: 1,540
Re: Another hole in UB and AP security?

Quote:
Originally Posted by Hood View Post
It is if we actually consider what kind of security hole this is and how it can be exploited.
Poker players sometimes all congregate in the same area and use public wifi connections. Think about it.
SoulPower is offline   Reply With Quote
Old 05-06-2010, 08:31 PM   #64
veteran
 
Join Date: Dec 2007
Location: getting leveled
Posts: 3,201
Re: Another hole in UB and AP security?

thanks Hood, i should have read on longer but my head exploded after the first few sentences
equalsfour? is offline   Reply With Quote
Old 05-06-2010, 08:31 PM   #65
Pooh-Bah
 
Hood's Avatar
 
Join Date: Apr 2004
Location: 99 problems but a TT+ just ship pf
Posts: 5,233
Re: Another hole in UB and AP security?

Quote:
Originally Posted by NOSUP4U View Post
No. Unencrypted Wifi is just the easiest way to do this. But a hacker just needs access to your information stream, which they could do from Germany and hack your home wired network if they wanted. (obv that level of skill is going to be really high, compared to some high school dropout hacker guy who has downloaded some free hacker software to help him sniff your data stream easily off the Starbucks wifi.)

Mark
Yes that's a very good point.

Still though this still has to be a targeted attack on one player. It's not like the previous scandal where the 'superuser' could see holecards of all players.

I'm in no way down-playing this scandal, but I think there is a very clear difference between the two. This could potentially be the result of an inept and grossly inexperienced programming team, and not for more malicious reasons. If your goal was to leave in a superuser backdoor and you had such access to the development and design of the protocol, this isn't the way you would do it.
Hood is offline   Reply With Quote
Old 05-06-2010, 08:32 PM   #66
Pooh-Bah
 
Join Date: Jun 2009
Posts: 4,747
Re: Another hole in UB and AP security?

Anyone who works at an ISP upstream of Cereus, just hit the jackpot.
Kittens is offline   Reply With Quote
Old 05-06-2010, 08:33 PM   #67
Pooh-Bah
 
phils08's Avatar
 
Join Date: Jun 2009
Location: lol_variance
Posts: 4,661
Re: Another hole in UB and AP security?

Implications
The implications of this vulnerability are that Cereus Poker accounts can be compromised and have their funds stolen and that an attacker could know the hole cards a Cereus Poker player is dealt in real time, then presumably exploit this knowledge to have an advantage against them at the poker tables.

This attack can either be directed, in which a person who is known to play on the Cereus Network is targeted and exploited – or passive in which an entire network’s traffic is logged and communications to the Cereus Network servers are decrypted.

Wireless networks are particularly exploitable due to the ease with which they can be compromised without having physical access, only proximity to the victim. Indeed in many cases they won’t even need to be compromised because the wireless network is not encrypted.

Physical networks are also vulnerable to a variety of attacks, especially if the physical network is on a hub (instead of a switch) which allows an attacker to passively observe all network traffic. However a physical network can also be compromised by any network hops between a victim’s PC and the Cereus servers. They are also vulnerable to an ARP cache attack which can fool their PC into sending all network packets to an attacker’s PC which would then transparently relay the information to the router – resulting in uninterrupted internet access for the victim.



-ptr
phils08 is offline   Reply With Quote
Old 05-06-2010, 08:33 PM   #68
Pooh-Bah
 
Hood's Avatar
 
Join Date: Apr 2004
Location: 99 problems but a TT+ just ship pf
Posts: 5,233
Re: Another hole in UB and AP security?

Quote:
Originally Posted by phils08 View Post


On all poker networks this data is encrypted in a manner that would prevent any intercepted data from being used to gain access to your account, or steal your hole cards. This means essentially that the conversation is obscured to prevent eavesdropping, so that someone listening in cannot “hear” your password.

Almost every poker network uses some implementation of the SSL protocol, which is the same type of security mechanism that everyone from banks to government agencies use to secure their data. There are several freely available implementations of this protocol including the open source OpenSSL. SSL is the industry standard, and is generally regarded as best practice for encrypting network transmissions.

The problem is that the Cereus Poker network does not use SSL to encrypt their communications; they use a custom form of encryption which is XOR-based. This form of encryption is known to be extremely weak, and in fact their particular implementation makes it particularly simple to decrypt network data due to an easily discoverable key.

In fact, the encryption that the Cereus Network employs isn’t so much encryption as it is encoding. To see how simple it is to decode this data, simply open up your Windows calculator and set it on scientific mode. All that is really necessary to decode the data stream is the XOR button.

The requirement for this vulnerability to be exploited is network access. This means that if you are playing on an open wireless network, a cracked wireless network (something which is increasingly simple to do), or on a physical network which has been compromised – an attacker could dump the network traffic and exploit this vulnerability maliciously.


-ptr

helpful explanation imo
Good bolding there. I agree it's such a huge design oversight that it's pretty unbelievable this happened due purely to developer incompetence.
Hood is offline   Reply With Quote
Old 05-06-2010, 08:35 PM   #69
Is Right
 
NoahSD's Avatar
 
Join Date: Aug 2005
Posts: 18,271
Re: Another hole in UB and AP security?

Quote:
Originally Posted by Hood View Post
Good bolding there. I agree it's such a huge design oversight that it's pretty unbelievable this happened due purely to developer incompetence.
What's the alternative theory?
NoahSD is offline   Reply With Quote
Old 05-06-2010, 08:36 PM   #70
Pooh-Bah
 
phils08's Avatar
 
Join Date: Jun 2009
Location: lol_variance
Posts: 4,661
Re: Another hole in UB and AP security?

Suggestions for Players
The biggest step a Cereus player can take to protect themselves is to simply stop playing on the Cereus Network until these issues have been resolved. There is no way of being 100% secure at the moment. The below suggestions are precautionary and are in no way guaranteed to prevent exploitation.

If a player chooses to continue playing on the Cereus Network while the network is still vulnerable, they should at minimum plug directly into their modem. This will prevent anyone on the network from exploiting them. If a wired network is not an option, the player should make absolutely sure their network is encrypted using WPA2 encryption.

We absolutely advise against playing on any unknown or public networks – especially wireless networks.

We also recommend against a player revealing that they play on the Cereus Network until these issues are resolved, so as to avoid making themselves a target.

Suggestions for Cereus Network
In order to properly resolve these vulnerabilities the Cereus Network should upgrade all of their network communications to use the industry standard OpenSSL library which is freely available at http://www.openssl.org/. When implementing the SSL changes you should be sure to validate your peer certificate so as to prevent an SSL man-in-the-middle attack.

We would also recommend that the Cereus Network undergo a real and impartial security audit. We’re happy to lend a hand in whatever way we can in this regard.

Synopsis
In summary, there is a critical vulnerability in the Cereus Network software which makes it possible for an attacker to hijack poker accounts and view hole cards. The only 100% protection is to stop playing on Cereus Network until they upgrade to using SSL. To our knowledge there are no cases of this vulnerability being used to exploit actual players. PokerTableRatings.com created test accounts for all proof of concept testing done during the discovery of this vulnerability. We do not have passwords to any unauthorized user accounts. The Cereus Network has been notified of this vulnerability. We will continue to report on this as it develops.


-ptr
phils08 is offline   Reply With Quote
Old 05-06-2010, 08:36 PM   #71
banned
 
Join Date: Jul 2008
Posts: 304
Re: Another hole in UB and AP security?

guess xblink found this before ptr
LPtrax is offline   Reply With Quote
Old 05-06-2010, 08:40 PM   #72
Pooh-Bah
 
Hood's Avatar
 
Join Date: Apr 2004
Location: 99 problems but a TT+ just ship pf
Posts: 5,233
Re: Another hole in UB and AP security?

Quote:
Originally Posted by NoahSD View Post
What's the alternative theory?
theories have been postulated above in the thread
Hood is offline   Reply With Quote
Old 05-06-2010, 08:43 PM   #73
banned
 
Join Date: Jul 2003
Posts: 3,092
Re: Another hole in UB and AP security?

This is 99.999999% conjecture (but when large money is involved I don't discount anything) but the sick part of such a crooked company like UB, is that they could make their client software like gotomypc. If you've ever used it it's like a trojan and you could be behind a vpn, firewall etc and it could still dial out and see everything on the other end.

Now let's say you just have UB/AP installed on your PC, technically if they were bad enough they could obtain your screen info, and jack you while you were playing on FT, PS, Cake, whatever also. Like you wouldn't even need to be running the client, just having it installed could possibly compromise you with these crooks. I don't care, don't play there, it's not installed, I'm just brainstorming with my tin foil hat.
NLfool is offline   Reply With Quote
Old 05-06-2010, 08:49 PM   #74
Carpal 'Tunnel
 
mjcace's Avatar
 
Join Date: Jan 2008
Location: @mjcace,MP (PM me 2 Ship $)
Posts: 8,421
Re: Another hole in UB and AP security?

If you don't run the client, are you safe right now?
mjcace is online now   Reply With Quote
Old 05-06-2010, 08:51 PM   #75
Pooh-Bah
 
Hood's Avatar
 
Join Date: Apr 2004
Location: 99 problems but a TT+ just ship pf
Posts: 5,233
Re: Another hole in UB and AP security?

Quote:
Originally Posted by mjcace View Post
If you don't run the client, are you safe right now?
yes
Hood is offline   Reply With Quote

All times are GMT -4.