Here was the exact email that I sent them. Also I am not sure if it was 5 days after the scandal broke I can't be sure, but I sent that email late at night on March 16th and they replied the next afternoon.

I understand it is a little sloppy and they probably glossed over my email, but they just had to know about the scandal and that they could help and decided not to and then changed their minds after everyone asked them to help and it became clear that it would benefit them to do so.

Then again you know more about this than anyone. Also its not like any of this would be a problem, but I don't think people should believe they are doing this out of the goodness of their hearts or whatever.

ehh, you might not be running it, but who's to say it isn't running? If I were a bad guy I'd make it look like svchosts.exe, services.exe or rundll32.exe or some variant of that. A semi competent user would have no clue, much less the totally oblivious people that make up 99% of the interwebs. I work with guys who are literally 10x smarter than me in this field, if they were bad and on the inside the possibilities would be endless.

I really wonder if its more likely to have a company where no one ever had a little clue about software developpement or computer security or if this voluntary (avoiding this mistake this is really basic knowledge).

What we could infer from this is that:
-No security audit has ever been conducted on AP/UB software, not even the most basic one (that would be the first thing checked).
-Its very likely that there is a ****load of other security problem like this one....
-And yeah, everyone with access to UB/AB server network virtually had access to the players holecards...

Sponger,
Like you said, I know a lot about the stoxtrader situation, and I think they handled that incredibly well. I have a lot to say about that, but I really don't think this thread should be about that. PM me or start a new thread if you wanna talk more about it.

I also had a brief discussion with them about this situation, and I think that they also handled this quite well.

Wow. Paul Legget posted a reply on their blog:

http://blog.ultimatebet.com/2010/05/encryption-issue/

Hello UB’ers,

One hour ago, I learned about an article posted today on Poker Table Ratings (PTR) regarding an issue with the local encryption that we use on the Cereus Poker Network. For those of you not familiar with the issue, PTR was able to crack our local encryption method. I wanted to blog to make sure our players and the poker community know how seriously we take this issue.

I would like to start by reminding everyone that someone would have to have the technical capabilities to crack the encryption method we currently use and they would also have to hack into your local network in order to gain access to sensitive data. We are currently working on implementing a new encryption method and we expect to have it live in a matter of hours.

I would also like to say that I am very embarrassed and upset that this issue was not caught by our internal staff or through the countless audits we’ve been through this year and last year. We’ve invested a great deal of money into all types of security and I am very shocked that this was not identified by us or the many third party auditors we’ve employed.

Needless to say we plan to find new security resources and third parties to help us test this solution and make sure we provide you with the absolute best security that money can buy.

I would also like to thank PTR for identifying this issue and sharing it with us and the poker community.

We will continue to update you on this issue but we will not rest until it is fixed and as I stated earlier, we plan to have this issue resolved within a matter of hours.

Play well,

Paul Leggett

countless audits and money for "all types of security"

couldnt be any more fos

i love how it will be fixed in a matter of hours, what a bunch of tools for not doing it in the first place if it is so simple

hey Paul, go **** yourself, sir.

Dear Paul Legget,

You are some seriously shady people and it makes me sick to know some of these people still support your site by playing there. I hope these greedy players actually end up leaving your shill of a site and you go out of business.

Regards,

play well? No u.

This.

I almost don't blame Cereus' engineering corps for ****ing this up, they're obviously completely retarded and designing working software is clearly beyond their skill set. For a third party company to examine their software, though, see something like this and be like "yeah, that looks cool, we'll certify these guys as safe" is an absolute joke and that company should probably never, ever be hired in a similar capacity again.

He would never post her nor any other public forum. he knows the sheep he has reading his UB blog are already committed and he could get away with saying anything without any questioning.

apparently this can be fixed in a few hours, but it took them 2 years to realize it was there? so obv they knew all along.

everyone has always known khawanake is a total joke, fijis post on their other criminal enterprises was pretty eye opening, these are some shady, shady people.

third party auditors

lmfao

hahahahahahahahahahahah

if anyone hasnt seen it just read the OP of this thread to know exactly who is "auditing" cereus.

its just makes me furious that some morans are going to read leggets blog and be like, k, its all good, fixed in a few hours!

http://forumserver.twoplustwo.com/29...norton-251958/

yeah i wouldnt even feel bad if anyone who still plays on UB got smoked by a superuser/hacker etc, would actuallly make me laugh