1) This is a legitimate risk. I wouldn't play on Cake right now.
2) It appears that somebody at Cake was intentionally deceptive. Their web site claims that they use a method of encryption (256-bit TwoFish) for all of their network traffic and even specifically says that what PTR did is impossible. They also recently rewrote their software from the ground up and had the exact same flaw in place, so they can't have simply been relying on the promises of people who worked way in the past.
Here's the statement that's still on Cake Poker's web site: "All communications between the client program running on your computer and the Cake Poker server in Curacao are encrypted using the accepted industry standard 256-bit TwoFish encryption algorithm. The unique cards dealt to each player are delivered exclusively to that particular player's computer thus maintaining privacy and integrity of play. Packet-sniffing by other players cannot be used to gain any advantage. Each player's cards are sent exclusively to that particular player's computer. None of the other computers know what your hidden cards are, thus preventing an opponent from hacking their client software to determine your cards."
http://cakepoker.com/en/PlayPoker/Re.../Security.aspx
3) Whereas Cereus was a company that pretty much everyone agreed was scummy and incompetent, Cake is generally very well respected.
4) Cereus handled their situation well by acknowledging the risk publicly, but they did not shut down their network in spite of the legitimate security risk to their customers. We still have no clue if anyone lost money because of this, and we likely never will. Let's see if Cake handles this better.
5) Cake needs to open an independent investigation into whether or not this exploit was ever used against its customers. Of course, there's a legitimate question as to whether or not there's any company that's up to the task since it's clear that the people who claim to license and regulate this industry are completely incompetent.
6) Lee Jones works for Cake and is widely regarded as a totally stand-up guy. I'd like to think that his presence will lead to Cake handling this well, but I won't bet on it.
7) We really, really need online poker to be licensed and regulated by a government that has the ability to prevent problems like this. The fact that two different networks had a huge security flaw that was easily detectable for years but nobody bothered to find it, including the multiple people who claim to certify the security of these sites, the various players on the sites, and the sites' own security departments, shows that we need a new system.