Possibly superusers on Cake -- Lee Jones responds - Page 6 - Poker News

Sawcruhteez · 08-06-2010, 01:50 AM

Quote:

Originally Posted by THAY3R

Just an anecdote but :
Maybe 2-3 years ago I triple barrelled with 54s on an A73xx board. My opponent called my all in on the river with....54. I stopped playing high stakes on Cake after that.

is there a HH that could be dug up from somewhere?

1outter · 08-06-2010, 02:10 AM

Can someone please post a quote of Lee saying "None of your business"?

I think he may have said it at one point, but it was in regards to how Cake is run. And in all reality, that is none of our business.

**Mason Malmuth** · 08-06-2010, 02:28 AM

Hi Everyone:

I made this post in the other thread:

Quote:

Originally Posted by Lee Jones

Without excusing, in any way, our security vulnerability, this is 100% correct and is the standard protocol in the computing industry. If you find a security leak in somebody's software, you alert the company that has the software, wait an appropriate period to let them fix it, and then tell the world.

There are a million ways PTR could have "escrowed" the scoop on this. They could have alerted us and also told some respected person in the business (e.g. Kevmath and/or another respected 2+2 mod). Had we not responded, not fixed the problem, or pretended we found it ourselves, Kevmath would have been there to tell the whole story.

Once we had the problem fixed, PTR could have then gone public and said "Aha! Look at the vulnerability we found at Cake!" We'd have no way of denying that (and we wouldn't have denied it, anyway).

I say all this to get here: ask yourself why PTR would tell the world simultaneously when they told us (thus raising the risk level for anybody playing on Cake).

Best regards,
Lee Jones

Cake Poker Cardroom Manager

Lee:

If you're going to represent Cake Poker and write that you are the "Cake Poker Cardroom Manager," it's probably time that you begin to answer the tough questions. If not, perhaps you should step down from these forums until you (or perhaps another representative from Cake) can begin to answer the questions and concerns in a realistic and straightforward manner.

Mason

Doug Lee's Shrink · 08-06-2010, 02:34 AM

Quote:

Originally Posted by Mason Malmuth

Hi Everyone:

I made this post in the other thread:

Lee:

If you're going to represent Cake Poker and write that you are the "Cake Poker Cardroom Manager," it's probably time that you begin to answer the tough questions. If not, perhaps you should step down from these forums until you (or perhaps another representative from Cake) can begin to answer the questions and concerns in a realistic and straightforward manner.

Mason

Oh snap. Love this statement from M.M. It's so easy for someone under fire to avoid the tough questions on online forums. Good for you.

lexxy · 08-06-2010, 02:37 AM

Quote:

Originally Posted by NoahSD

...

One of our goals as a community who relies on these unregulated businesses that often have incentives that are aligned against us should be to try to better align their interests with our own. Currently, our best methods seem to be making a big stink on the internet and having a bunch of 2p2ers take their rake elsewhere until a smaller group comes back to play in the softer games. Those suck. If anyone's got a better idea, I'd love to hear it.

Some kind of honesty stance has to be taken by the poker media about the trustworthiness of online poker sites.

Bluff magazine owners for example needs to think hard before selling the front several pages of their magazine every month to UB during and after the scandal and now Cake should be on that list. Sites like pokernews needs to come out and refuse to publicize sites with known vulnerabilities, not run ads for them and pretend nothing is wrong.

cause that's where the unscrupulous sites get all their fish, and thats why some better players will go back there looking for them after the smoke clears after a 2+2 / ptr bust.

It's lousy that magazines and big poker news sites continue to do business with the scammers during and after scandals. Why should people like that be some kind of poker world spokesperson that writes mild reports and says everything is just fine to the general community?

EfromPegTown · 08-06-2010, 02:37 AM

I think we are about to get some questions answered. That Mason.

Also, Lee Jones response about PTR is laughable.

THAY3R · 08-06-2010, 02:43 AM

Quote:

Originally Posted by Sawcruhteez

is there a HH that could be dug up from somewhere?

I posted it on here when it happened, though iirc it's not retrievable because their HH's are through a website and the link doesn't work anymore. It absolutely happened, though at the time I didn't think too much about it other than "lulz ruskies", I kind of just assumed he was some fish who wanted to see what I had.

Found : http://archives1.twoplustwo.com/show...e#Post11007972

**NoahSD** · 08-06-2010, 03:08 AM

Quote:

Originally Posted by 1outter

Can someone please post a quote of Lee saying "None of your business"?

I think he may have said it at one point, but it was in regards to how Cake is run. And in all reality, that is none of our business.

I don't think he ever used those exact words. People are paraphrasing this statement:

Quote:

Those of you who are asking for a specific time-line about the series of events leading up to this mess will be disappointed; I am not going to provide a time-line. Once the technical problem is solved, we certainly have a corporate obligation to do a post-mortem and understand what happened and how. But I don't believe we have a responsibility to share those results with the public.

I don't think anyone's really putting words in his mouth, though. That's clearly what he meant.

**AdamSchwartz** · 08-06-2010, 03:12 AM

Quote:

Originally Posted by █████

To be clear, Lee also mentioned that when the Cereus SSL scandal broke, he asked his tech team if they had the same problem (which they had), and they assured him that they didn't.

You know, it's a serious issue that needs to be addressed but when you say stuff like this you really undermine your cause.

You're stating opinion when you say they were the same problems. Some very smart tech people have said that wasn't the case.

Stick to the facts. I think most would agree that Lee and Cake deserve that.

**NoahSD** · 08-06-2010, 03:32 AM

Quote:

Originally Posted by AdamSchwartz

You know, it's a serious issue that needs to be addressed but when you say stuff like this you really undermine your cause.

You're stating opinion when you say they were the same problems. Some very smart tech people have said that wasn't the case.

Stick to the facts. I think most would agree that Lee and Cake deserve that.

Cereus didn't have encryption. Cake didn't have encryption. They actually both used roughly the same version of non-encryption (or "encoding" or whatever you wanna call the unsecure method that they used).

Even Lee agrees with black line guy on this point:

Quote:

when the issue came up in May, I asked our software management team. They told me that we were more secure than Cereus. When this all came to light a few hours ago and they got down into the actual code, it turned out they were wrong (as one of the senior managers just admitted to me).

I guess you could get super technical and point out that they didn't use exactly the same version on fake encryption (In fact, IIRC everyone that I've talked to who understands this stuff better than I do agrees that Cake's "encoding" or whatever was worse than Cereus's because they didn't use MD5 hashing for passwords). You might be misinterpreting some posts by people who are interested in this stuff who were pointing out these small technical differences. But it's pretty much the exact same problem, and Lee has acknowledged this. As BLG said in the statement you quoted, he had previously assured people that that was not the case, though he says this is because he was given bad information.

skelm · 08-06-2010, 03:49 AM

Quote:

Originally Posted by NoahSD

Cereus didn't have encryption. Cake didn't have encryption. They actually both used roughly the same version of non-encryption (or "encoding" or whatever you wanna call the unsecure method that they used).

Even Lee agrees with black line guy on this point:

I guess you could get super technical and point out that they didn't use exactly the same version on fake encryption (In fact, IIRC everyone that I've talked to who understands this stuff better than I do agrees that Cake's "encoding" or whatever was worse than Cereus's because they didn't use MD5 hashing for passwords). You might be misinterpreting some posts by people who are interested in this stuff who were pointing out these small technical differences. But it's pretty much the exact same problem, and Lee has acknowledged this. As BLG said in the statement you quoted, he had previously assured people that that was not the case, though he says this is because he was given bad information.

This exactly.

At the end of the day it's essentially the exact same problem (a failure to implement a secure encryption method) with Cake's issue being that much worse given that they basically had a grace period (when PTR's attention was locked onto Cereus) and still managed to disregard their customers.

**AdamSchwartz** · 08-06-2010, 03:50 AM

Thanks for clarifying Noah, I certainly did mis-interpret what was said then.

I apologize to black line guy for my previous post and will go back to the old thread to read again.

TookURCookie · 08-06-2010, 04:17 AM

Quote:

Originally Posted by THAY3R

Just an anecdote but :
Maybe 2-3 years ago I triple barrelled with 54s on an A73xx board. My opponent called my all in on the river with....54. I stopped playing high stakes on Cake after that.

Now that's insane. It's too bad this player wasn't looked into further at the time.

GOLDFLOP · 08-06-2010, 05:07 AM

The fact that you guys really think Cakes operation is ran from a basement in Dublin is so funny. Do you think Doyles Room and many other sites would ever move to Cake if they went to a meeting in a basement in Dublin? They have four offices world wide. With about 100 employees.

Also with thousands of players playing online, I seriously doubt they would do some super user bull****. They are a multimillion dollar company. I have been a poker affiliate for 7 years now. I have met many people in their staff and they are honest people. Ok there was a security issue, but the rest of this is just retarded. Im going to have to back them up on this one.

ibluffoldladies · 08-06-2010, 05:21 AM

Quote:

Originally Posted by GOLDFLOP

The fact that you guys really think Cakes operation is ran from a basement in Dublin is so funny. Do you think Doyles Room and many other sites would ever move to Cake if they went to a meeting in a basement in Dublin? They have four offices world wide. With about 100 employees.

Also with thousands of players playing online, I seriously doubt they would do some super user bull****. They are a multimillion dollar company. I have been a poker affiliate for 7 years now. I have met many people in their staff and they are honest people. Ok there was a security issue, but the rest of this is just retarded. Im going to have to back them up on this one.

This means a lot considering your income depends on their success.

One day they're going to release a movie about internet poker, and it's going to be hilarious when we all find out how much they stole.