your password is still visible to employees of lock poker tho, which is a big enough security issue in and of itself.

I just noticed this part. Lol Lock Security.

What? They have developers that work for them, thats what they're paid to do?

And Lock also straight up lied about their reasons for DQ'ing Girah before the chip dump was revealed, presumably in an attempt to cover it up.

Just because you can't access the casino doesn't mean that others can't see your password there.

Also the site that poached from all other Merge skins by advertising a bonus 20% rakeback, and then never actually paid it out

I can't make it work. I can only see a hashed pass.

If this is true then jfc...

Doubtful, what have these developers been doing for the last 9 months?

Pathetic. Truly pathetic.

Wow this is on a par with Sony Playstation not encrypting their data.

If anyone can't remember how that one ended, here's a reminder

http://www.eweek.com/c/a/Security/So...counts-208028/

Not only are your passwords being stored in plain text for Lock employees to see, but they are also being sent across the internet for anyone to intercept too.

Now that the breach is out in the open, seriously be careful guys. This is a really serious security breach.

Anyone tried this on other merge skins?

Can't wait to see the excuse Rizen gives us for this one.

And the excuse he gives for staying on board at Lock, claiming that he still hasn't seen any concrete examples of shadiness on their part.

So I guess it's pretty clear that Lock suffers from the same unethical-AND-competent malady that plagued UB for all these years.

Anyone who plays there instead of another Merge skin is insane and must hate money.

This would only be able to be tried on the ones that have casinos.

Dont they all have casinos?

This situation is pretty messed up. Ive read through a tonne of these lock poker threads and I must say Im surprised that 2+2 allows them to have a sub forum here. What is the reason they are allowed here? Im actually curious as to the answer.

No. Hero doesn't have one.

I don't think Black Chip has one, either. I think there's plenty of other Merge skins that don't. In general, casino gambling pisses off the DOJ more than simply offering poker.

The casino side is using RTG software. I don't know of any other Merge skin that uses RTG.

I'm pretty sure this is not an RTG software issue. RTG are one of the biggest casino software providers (alongside playtech and MG) and it's pretty battle-worn. Not that they are the most reputable in the world (about half the casinos using RTG are 'rogue' or 'caution' on casinomeister) but the software itself is pretty solid. It's also used on bodog and other reputable skins, some that use the flash, and i tested one and it doesn't have this issue. so it seems a custom lock system they've developed to facilitate account sharing between 'lock' accounts in poker and casino.

+1

http://forumserver.twoplustwo.com/sh...42&postcount=5

Except for neither PokerStars or FTP offered casino games.

Developing other parts of the software?

if this is over https its not nearly as big of a deal as otherwise. (but still bad form!)

edit: obv storing passwords in plaintext is terrible and unforgivable. but loads of places do incorrectly for CS reasons or otherwise and you just never hear about it.

It's not over https.

not sure why this got moved seems like a really big deal.