Another hole in UB and AP security

05-07-2010 , 12:29 AM
Was the latest update UB's attempt at a cure?
05-07-2010 , 12:29 AM
Quote:
Originally Posted by SenatorKevin
They were probably curious more than anything. I analyzed Full Tilt's network traffic a few years ago for such a vulnerability and was pleased to see they had fully encrypted traffic which made me feel more comfortable playing there. I never looked at UB, cause I didn't play there at the time.

EDIT: Errrrrr. I take that back. They were probably analyzing traffic to improve their hand grabbing rates. Total f'n scumbags. It almost sounds like they went public with this vulnerability before contacting UB as well. What a joke.
I don't think anyone would want them to contact UB first anyway, this way we get the real information and not a massive cover up. As much as I oppose data mining, I oppose people looking at hole cards a little more.
05-07-2010 , 12:35 AM
Quote:
Originally Posted by Interpleader
What is Sebok saying?
He's tired of the witch hunt obv.
05-07-2010 , 12:38 AM
Quote:
Originally Posted by JustSomeGuy
Was the latest update UB's attempt at a cure?
If UB have really implemented SSL security within hours, it means they already had this implemented prior, and they've just flipped a switch. To be honest that looks even worse.
05-07-2010 , 12:39 AM
From @joesebok:

Quote:
Heya, I'll be looking into recent issues at @ultimate_bet and try to get some more answers by next week. Wish I knew more now. Apologies...
I thought the latest update was to fix the issue with seeing player's hole cards after a hand ended?
05-07-2010 , 12:43 AM
Quote:
Originally Posted by Hood
If UB have really implemented SSL security within hours, it means they already had this implemented prior, and they've just flipped a switch. To be honest that looks even worse.
This.
05-07-2010 , 12:44 AM
Quote:
Originally Posted by Kevmath
From @joesebok:



I thought the latest update was to fix the issue with seeing player's hole cards after a hand ended?
I thought that came in the update 2 days ago or so? There was a new one in the past few hours.
05-07-2010 , 12:45 AM
Quote:
Originally Posted by SenatorKevin
They were probably curious more than anything. I analyzed Full Tilt's network traffic a few years ago for such a vulnerability and was pleased to see they had fully encrypted traffic which made me feel more comfortable playing there. I never looked at UB, cause I didn't play there at the time.

EDIT: Errrrrr. I take that back. They were probably analyzing traffic to improve their hand grabbing rates. Total f'n scumbags. It almost sounds like they went public with this vulnerability before contacting UB as well. What a joke.
http://blog.ultimatebet.com/2010/05/encryption-issue/

Paul Leggett:
"We are currently working on implementing a new encryption method and we expect to have it live in a matter of hours."

Kevin, is this possible?
05-07-2010 , 01:00 AM
Quote:
Originally Posted by RolloTomasi
http://blog.ultimatebet.com/2010/05/encryption-issue/

Paul Leggett:
"We are currently working on implementing a new encryption method and we expect to have it live in a matter of hours."

Kevin, is this possible?
Unless it was already being developed well before this scandal broke, no.
05-07-2010 , 01:00 AM
Quote:
Heya, I'll be looking into recent issues at @ultimate_bet and try to get some more answers by next week. Wish I knew more now. Apologies...
yeah or by next month...or by next year if I still remember...(will remember my paychecks yo)

05-07-2010 , 01:05 AM
Quote:
Originally Posted by bape x dunKs
I don't think anyone would want them to contact UB first anyway, this way we get the real information and not a massive cover up. As much as I oppose data mining, I oppose people looking at hole cards a little more.
No, if you're a white hat security professional you should notify the vendor ahead of making it public so they can begin work to remedy the issue. Irregardless of UB's actions in the past, it's the proper thing to do.
05-07-2010 , 01:05 AM
Quote:
Originally Posted by scratchy1
So what led to PTR finding this vulnerability? Were they tipped off or doing their own investigation on suspicious play there?
Well, there was a thread started here on 2+2 over a week ago about issues there:

http://forumserver.twoplustwo.com/19...e-fold-772028/
05-07-2010 , 01:09 AM
Quote:
Originally Posted by MelchyBeau
Unless it was already being developed well before this scandal broke, no.
Yeah, there's no way this gets fixed for a few days. Rushing out a fix would be a mistake because it'd likely break another thing. Do the proper QA cycle and make sure this fix doesn't break another thing.
05-07-2010 , 01:11 AM
Anyone else amused that Cereus is an anagram of secure?
05-07-2010 , 01:14 AM
I'm a software engineer and my company was tasked with adding FIPS 140-2 encryption to our client-server application. It took us approximately 5-6 months to properly implement and test it. Admittedly, we had a small team of 4-5 developers, but having this done "within hours" of it being discovered by an outside source is laughable at best. Basically, what others have stated is accurate: If it is done within hours, it means it was already implemented and a switch was turned on once it was discovered. No chance that proper encryption can be implemented that fast.
05-07-2010 , 01:14 AM
Quote:
Originally Posted by Bobo Fett
Well, there was a thread started here on 2+2 over a week ago about issues there:

http://forumserver.twoplustwo.com/19...e-fold-772028/
That seems to be a different issue altogether.
05-07-2010 , 01:19 AM
Quote:
I would also like to express how seriously we take this issue. I’m expecting to have a solution in place in a matter of hours and I would really like to discuss engaging your company to help us test the solution, if your company provides such services.

LOL, I hope UB/AP die
05-07-2010 , 01:20 AM
Quote:
Originally Posted by SenatorKevin
That seems to be a different issue altogether.
Fair enough; I wasn't certain either way. If so, consider it yet another example of their incompetence.
05-07-2010 , 01:40 AM
Quote:
Originally Posted by rookiepsu
Admittedly, we had a small team of 4-5 developers,
Nobody really knows who is writing code for the company now. The CTO of Excapsa started a subsidiary called RealTimeEdge several years ago which handled all programming and software updates. When Excapsa dissolved, this company was not included in the asset sale to Blast Off, though they did continue on in a support role for the new company; likely as a contractor.

Now, RTE is very busy because with the impending default of BO against the promissory note, Excapsa (now Aspacxe, seriously you cannot make this **** up) made a deal to take back the software IP which they have apparently been using to write/modify/or emulate in a new product/site called Spotlight poker which is set to be rolled out. Since RTE is a soon to be competitor to UB/AP along with the already contentious situation between the original company and the licensor/purchaser, it's possible CEREUS doesn't really have much in the way of programming resources at all.

This is all very bad. Having said that, I will take the under that traffic doesn't drop more than 10% in the next month as rated by Pokersitescout. There is no shortage of people who play slots at rural tribal casinos when the yellowhammer guys will actually tell you the payouts are set in the mid 70 percent range. And for whatever inane reasons they give, people will continue to deposit and play poker at UB/AP along with vapid player reps and besotted management shills.
05-07-2010 , 01:41 AM
In before Joe tells us how they have everything fixed and are once again among the most secure sites in his honest opinion and Paul Leggett still has a job.

also suck it hellmuth.
05-07-2010 , 01:44 AM


Someone needs to photoshop Seebs into this.
05-07-2010 , 01:48 AM
Weren't they forced to make a big deal about changing the software after the superuser scandal to show the "auditors" that such an insider account wasn't possible anymore? So they just left this vulnerability in on purpose to have another way to do it. I mean there has to be a pretty good chance these criminals have continued to steal from players after learning to do it in more subtle ways.
05-07-2010 , 01:54 AM
Not sure why everyone is so focused on your cards being able to be sniffed. Your login credentials are passed in the clear! Who cares what cards you have when someone can just log in as you and chip dump.
05-07-2010 , 01:58 AM
I just find it annoying, and progressively distressing, that my hole cards are being mined by Bluetooth. This is like the Breaking Bad of online poker.
05-07-2010 , 01:59 AM
so fkn fake.

annie, phil, joe, mark seif, and all the online guys that are sponsored by UB/AP are all fkn crooks too. getting paid by stolen, cheat money by a cheat company. who wants to argue that a company that is fkn crooked and cheats pays its sponsored players with legit clean money? every dollar is dirty. who wants to argue me???????????????????????