Two Plus Two Publishing LLC
Two Plus Two Publishing LLC
 

Go Back   Two Plus Two Poker Forums > >

Notices

News, Views, and Gossip For poker news, views, and gossip

Reply
 
Thread Tools Display Modes
Old 05-06-2010, 06:51 PM   #1
bape x dunKs
newbie
 
Join Date: May 2010
Posts: 28
Another hole in UB and AP security

http://www.pokertableratings.com/blo...poker-network/
bape x dunKs is offline   Reply With Quote
Old 05-06-2010, 06:52 PM   #2
nizzwsop
old hand
 
nizzwsop's Avatar
 
Join Date: Jan 2010
Location: Painting Gold
Posts: 1,618
Re: Another hole in UB and AP security?

https://forumserver.twoplustwo.com/19...e-fold-772028/
nizzwsop is offline   Reply With Quote
Old 05-06-2010, 06:59 PM   #3
ezdonkey
veteran
 
ezdonkey's Avatar
 
Join Date: Jun 2006
Location: MAKING STEEL
Posts: 2,955
Re: Another hole in UB and AP security?

Ahahahah ROFL

Fool me once shame on you, fool me four or more times shame on me.
I can't help but wonder why people still play there.

1) The original POTRIPPER-scandal
2) Pots rewarded to losing hands (fixed limit session vs Phil Hellmuth)
3) This

Am I forgetting something? Too bad that one company has done so much to harm online poker's reputation in general.
ezdonkey is offline   Reply With Quote
Old 05-06-2010, 07:00 PM   #4
Jul.Jack
grinder
 
Join Date: Nov 2008
Location: Montreal
Posts: 461
Re: Another hole in UB and AP security?

Quote:
The issue in general terms is that rather than using industry standard SSL encryption Cereus has used a custom form of encoding (not encryption) which can be cracked using the windows calculator.
Wait. Cereus is not using SSL or a similar encryption algorithm? They use some kind of custom encoding?

I am a computer engineer, and let me state clearly that if this is true, THEY ARE ****ING RETARDED. Didn't their code get audited after the last scandal? What kind of incompetent retard would certify that kind of bull**** as safe. It's ****ing criminal incompetence.
Jul.Jack is offline   Reply With Quote
Old 05-06-2010, 07:00 PM   #5
thunderbirdtwo
newbie
 
thunderbirdtwo's Avatar
 
Join Date: Dec 2009
Posts: 47
Re: Another hole in UB and AP security?

Hopefully this sinks AP/UB once and for all
thunderbirdtwo is offline   Reply With Quote
Old 05-06-2010, 07:04 PM   #6
Alobar
Born Ready
 
Alobar's Avatar
 
Join Date: Nov 2003
Location: 3rd turtle from the bottom
Posts: 41,859
Re: Another hole in UB and AP security?

Quote:
Originally Posted by ezdonkey View Post
I can't help but wonder why people still play there.
because lots of poker players are greedy SOBs without a care about integrity or any other concern except for their own bottom line, and they decided it was more profitable even with the risks involved to play there because of the softer caliber of play
Alobar is offline   Reply With Quote
Old 05-06-2010, 07:05 PM   #7
Jul.Jack
grinder
 
Join Date: Nov 2008
Location: Montreal
Posts: 461
Re: Another hole in UB and AP security?

Quote:
The problem is that the Cereus Poker network does not use SSL to encrypt their communications; they use a custom form of encryption which is XOR-based. This form of encryption is known to be extremely weak, and in fact their particular implementation makes it particularly simple to decrypt network data due to an easily discoverable key.
Anyone playing on UB for any serious amount of money NEED to stop playing there immediately if this is true. This is not a small security problem. This demonstrate a level of incompetence so ****ing gross, it's hard to believe. I mean this. This is an extremely serious issue. I'm actually having a hard time believing that it's true.

UB/AP have shown in the past that they couldn't design secure software with their built in backdoor. But this is on another level of stupid.
Jul.Jack is offline   Reply With Quote
Old 05-06-2010, 07:05 PM   #8
Hood
Carpal \'Tunnel
 
Hood's Avatar
 
Join Date: Apr 2004
Location: 99 problems but a TT+ just ship pf
Posts: 6,866
Re: Another hole in UB and AP security?

XOR - that unbreakable encryption standard.
Hood is offline   Reply With Quote
Old 05-06-2010, 07:23 PM   #9
ezdonkey
veteran
 
ezdonkey's Avatar
 
Join Date: Jun 2006
Location: MAKING STEEL
Posts: 2,955
Re: Another hole in UB and AP security?

Quote:
Originally Posted by Alobar View Post
because lots of poker players are greedy SOBs without a care about integrity or any other concern except for their own bottom line, and they decided it was more profitable even with the risks involved to play there because of the softer caliber of play
Well obviously. But then they just have to realize they're taking a conscious risk and stop whining if they get cheated/scammed for huge sums of money.

This pretty much shows too that the Kahnawake Gaming Commission and other certificates are nothing but thin air. It's beyond me how incompetent software developers neglect usage of SSL-encryption in a software that sends and receives highly confidential data.

Just got me thinking that would a company insider, who knows about this flaw, set up a proxy or some sort of server in between UB's final servers and player clients. When you run a trace route from your computer to UB's main server you can see which computer's your poker data packages go through. All these have potential access to this data. However, most of trace router servers are standard ISP servers. But if you place a computer right after the UB's servers which sends and receives data from outer world you could sneak out every UB/AB's user accounts and hole card data.

Tbh, I wouldn't even surprised with the company's shady history that this wouldn't been done already. And the people who have used this info have scammed money from people on the tables on more sophisticated manner so that it's not too obvious and does not show great anomalies in large HEM databases. (E.g. POTRIPPER had like VPIP of nearly hundred, yet his W$SD was also 100% - thus completely impossible without cheating.)

Briefly, STOP PLAYING ON UB/AP.
ezdonkey is offline   Reply With Quote
Old 05-06-2010, 07:23 PM   #10
grizman777
newbie
 
Join Date: May 2008
Posts: 49
Re: Another hole in UB and AP security?

Well time and time again................

People want to believe something is legit.....

Humans mange it....

Money is involved.....

Greed reveals its ugly head....

The sheep get f***ed.

Use your head, don't march onto slaughter.

Internet poker can not be trusted.....

See your opponent...feel the cards....Now thats Poker!
grizman777 is offline   Reply With Quote
Old 05-06-2010, 07:24 PM   #11
Tumaterminator
HOCKEY!
 
Join Date: Jul 2006
Posts: 26,444
Re: Another hole in UB and AP security?

Joe Sebok
Tumaterminator is offline   Reply With Quote
Old 05-06-2010, 07:24 PM   #12
BMVeteran60
newbie
 
BMVeteran60's Avatar
 
Join Date: Jan 2010
Location: Depends on Season
Posts: 48
Re: Another hole in UB and AP security?

If this is true. This is not a mistake any software engineer worth his salt would have made.

That would indicate the same people who designed it did the QA (comically stupid). To be more conspirasy oriented, this would be a design created specifically for exploitation.

I'm so glad I don't play online.
BMVeteran60 is offline   Reply With Quote
Old 05-06-2010, 07:26 PM   #13
Sjors
banned
 
Sjors's Avatar
 
Join Date: Sep 2008
Posts: 623
Re: Another hole in UB and AP security?

Didn't expect ptr to be so proactive about these issues, seeing their nature of business. But after helping with the stox scandal aswell they deserve some credit.
Nice work.
Sjors is offline   Reply With Quote
Old 05-06-2010, 07:29 PM   #14
Alobar
Born Ready
 
Alobar's Avatar
 
Join Date: Nov 2003
Location: 3rd turtle from the bottom
Posts: 41,859
Re: Another hole in UB and AP security?

Quote:
Originally Posted by ezdonkey View Post

Tbh, I wouldn't even surprised with the company's shady history that this wouldn't been done already. And the people who have used this info have scammed money from people on the tables on more sophisticated manner so that it's not too obvious and does not show great anomalies in large HEM databases. (E.g. POTRIPPER had like VPIP of nearly hundred, yet his W$SD was also 100% - thus completely impossible without cheating.)
yeah, honestly if I had to bet on an even money line, id put my money on the fact it IS happening as opposed to isnt. The just gross incopentance and shadiness of that company is mind boggling. And they no doubt have learned from the POTRIPPER scandal and actually steal discreetly now. I mean if I had access to hole cards, I could make it virtually impossible to detect even if you had access to all my hands.
Alobar is offline   Reply With Quote
Old 05-06-2010, 07:31 PM   #15
tk1133
veteran
 
tk1133's Avatar
 
Join Date: Jan 2009
Location: Making friends one post @ a time
Posts: 2,221
Re: Another hole in UB and AP security?

Could somebody post the response from Cereus and the KGC on this matter.
tk1133 is offline   Reply With Quote
Old 05-06-2010, 07:35 PM   #16
ezdonkey
veteran
 
ezdonkey's Avatar
 
Join Date: Jun 2006
Location: MAKING STEEL
Posts: 2,955
Re: Another hole in UB and AP security?

Quote:
Originally Posted by tk1133 View Post
Could somebody post the response from Cereus and the KGC on this matter.
"Yo, we sorry! As a sign of good faith we wish to offer you this 100% up to $600 reload bonus."
ezdonkey is offline   Reply With Quote
Old 05-06-2010, 07:38 PM   #17
Sjors
banned
 
Sjors's Avatar
 
Join Date: Sep 2008
Posts: 623
Re: Another hole in UB and AP security?

Quote:
Originally Posted by ezdonkey View Post
"Yo, we sorry! As a sign of good faith we wish to offer you this 100% up to $600 reload bonus."
"(which will be deducted from your rakeback)"
Sjors is offline   Reply With Quote
Old 05-06-2010, 07:38 PM   #18
Hood
Carpal \'Tunnel
 
Hood's Avatar
 
Join Date: Apr 2004
Location: 99 problems but a TT+ just ship pf
Posts: 6,866
Re: Another hole in UB and AP security?

Quote:
Originally Posted by BMVeteran60 View Post
If this is true. This is not a mistake any software engineer worth his salt would have made.
Right. This isn't a "woops there's a security whole, not sure how that got there". This was a clear design decision by someone by a team who have no idea what kind of security measures need to be put in place.

This is an exceptionally amateurish mistake that should never have gone past the design stage, and should have been caught in security audits and QA testing.
Hood is offline   Reply With Quote
Old 05-06-2010, 07:40 PM   #19
Psycho Boy Jack
old hand
 
Psycho Boy Jack's Avatar
 
Join Date: Jul 2006
Location: hell
Posts: 1,746
Re: Another hole in UB and AP security?

im glad i dont play online.
Psycho Boy Jack is offline   Reply With Quote
Old 05-06-2010, 07:41 PM   #20
NemoInDeniaL
Pooh-Bah
 
NemoInDeniaL's Avatar
 
Join Date: Feb 2008
Location: In my mind
Posts: 5,697
Re: Another hole in UB and AP security?

Quote:
Originally Posted by Tumaterminator View Post
Joe Sebok
on top of things?
NemoInDeniaL is offline   Reply With Quote
Old 05-06-2010, 07:42 PM   #21
Sponger.
Carpal \'Tunnel
 
Join Date: May 2004
Posts: 20,593
Re: Another hole in UB and AP security?

Quote:
Originally Posted by Sjors View Post
Didn't expect ptr to be so proactive about these issues, seeing their nature of business. But after helping with the stox scandal aswell they deserve some credit.
Nice work.
Not really. I emailed them 5 days after the stox scandal broke and told them they should investigate or release hand histories so other people could look at it and they replied with

"We appreciate you writing into PTR, but unfortunately, things like this are out of our hands. The poker rooms themselves should be contacted and they can do the research since they have ways to track this better than we could."
Sponger. is offline   Reply With Quote
Old 05-06-2010, 07:42 PM   #22
level 4-3
adept
 
level 4-3's Avatar
 
Join Date: Apr 2010
Location: on the move
Posts: 853
Re: Another hole in UB and AP security?

All i can say or do anymore about these kind of stories and the thoughts i have about all the ones that never get detected or found out is this..........
hahahahahahahahahahhahahhahahhhashhahhahhahhahahah ahahahaha
hahhahhahhhahahhaaahahahhahahahahahahhahaahhahahha hahhahaha
hahhahahahahhaahhaahhahahahaahahahahahahahhahaahha hahahahhah
ahahhahahahhahahhahahahahhahahhahhahhahahhahahhaha hahhahaha
hahhahahahahahahhahahahahahahahahahhahahahahhahahh ahahahha
level 4-3 is offline   Reply With Quote
Old 05-06-2010, 07:43 PM   #23
ibluffoldladies
old hand
 
ibluffoldladies's Avatar
 
Join Date: Feb 2007
Location: 3-betting your grandmother
Posts: 1,275
Re: Another hole in UB and AP security?

Quote:
Originally Posted by Hood View Post
This is an exceptionally amateurish mistake.
I think it's safe to assume that it wasn't a mistake.
ibluffoldladies is offline   Reply With Quote
Old 05-06-2010, 07:46 PM   #24
Hood
Carpal \'Tunnel
 
Hood's Avatar
 
Join Date: Apr 2004
Location: 99 problems but a TT+ just ship pf
Posts: 6,866
Re: Another hole in UB and AP security?

Quote:
Originally Posted by ibluffoldladies View Post
I think it's safe to assume that it wasn't a mistake.
That's a huge assumption
Hood is offline   Reply With Quote
Old 05-06-2010, 07:46 PM   #25
bingobars
old hand
 
bingobars's Avatar
 
Join Date: Oct 2008
Location: Flavour Country
Posts: 1,844
Re: Another hole in UB and AP security?

Quote:
Originally Posted by Alobar View Post
because lots of poker players are greedy SOBs without a care about integrity or any other concern except for their own bottom line, and they decided it was more profitable even with the risks involved to play there because of the softer caliber of play

Softer play eh???
bingobars is offline   Reply With Quote

Reply
      

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Forum Jump


All times are GMT -4. The time now is 10:23 PM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright 2008-2020, Two Plus Two Interactive
 
 
Poker Players - Streaming Live Online