Possibly superusers on Cake -- Lee Jones responds

08-11-2010 , 04:08 PM
Quote:
Originally Posted by Lee Jones
Hi Shotgut -
The technical issue is resolved - our server-client communication is now 100% secure (as reported by a third-party).

We are beginning a major effort to audit our hand histories to ensure (within practical ability to do so) that nobody was cheated while the security vulnerability was there. That audit is a multiple step process - some of it being done by people at Cake and a parallel effort being done outside Cake. We've already discussed that Jeff "YellowSub" Williams will be one of the external auditors. We are bringing in other external auditors and will be updating you about those shortly (like within 24 hours).

As regards trusting us, well, as apefish says, you have to make up your own mind about that. I think that when you read the audit plan that we've laid out you'll be persuaded that we are deserving of your trust. But that's obviously your choice, not ours.

We hope that when this is all completed, we'll deserve (and gain) your trust.

Best regards,
Lee Jones

Cake Poker Cardroom Manager
Lee Jones saves the day.

At the thought of losing a customer, he jumps right on it. Wish he would respond to other lingering questions ITT that fast.
08-11-2010 , 04:24 PM
I am just curious... has the player count dropped at Cake since this started?
08-11-2010 , 04:25 PM
Quote:
Originally Posted by EfromPegTown
Lee Jones saves the day.

At the thought of losing a customer, he jumps right on it. Wish he would respond to other lingering questions ITT that fast.
He is OK. Tenacious and courageous.
08-11-2010 , 04:33 PM
Quote:
Originally Posted by joker15801
I am just curious... has the player count dropped at Cake since this started?
It's dropped by at least one
08-11-2010 , 04:40 PM
Which of the big 4 accounting firms will you be using for the audit Lee?
08-11-2010 , 04:48 PM
Quote:
Originally Posted by JD9712
Which of the big 4 accounting firms will you be using for the audit Lee?
lol the offices of Cake can handle their own audit and give a fair, independent conclusion.
08-11-2010 , 04:51 PM
Quote:
Originally Posted by JD9712
Which of the big 4 accounting firms will you be using for the audit Lee?

Quote:
Originally Posted by PenaltyMan
lol the offices of Cake can handle their own audit and give a fair, independent conclusion.
Yeah, and like it's anybody's business but Cake's anyway.

Last edited by superleeds; 08-11-2010 at 04:51 PM. Reason: sp
08-11-2010 , 04:59 PM
Quote:
Originally Posted by paleking
I am quite familiar with my local B&M's security controls. I have also looked into the crypto on both Full Tilt and PokerStars. Funnily, they seem to have done things right.

Full Tilt has the same file [ssleay32.dll] in their directory that was called for by the experts. The experts and PTR said to look for a certain file and it is clearly visible in the Full Tilt file location. However, I don't see that file in some other sites' files. Can those other sites answer the hard questions? We just take their word for it? I would like to play on Doyles Wednesday nights in their 50k bounty and not have everyone leaving the site. That is my part in this. I'd like to know what, if any, is the conflict of interest of all these "experts" who think all the players on Cake should bail?

Last edited by SOBERMARK; 08-11-2010 at 05:06 PM.
08-11-2010 , 05:11 PM
I think that PTR would have called out any other site that had any security problems.
08-11-2010 , 05:13 PM
Audit Cake's "R"NG while you're at it!
08-11-2010 , 05:17 PM
Quote:
Originally Posted by EfromPegTown
Lee Jones saves the day.

At the thought of losing a customer, he jumps right on it. Wish he would respond to other lingering questions ITT that fast.
Yeah, it's pretty silly he pops in to answer that question while ignoring the more important and pressing concerns, but with how they've handled things so far can we really expect anything else?
08-11-2010 , 05:24 PM
Quote:
Originally Posted by SOBERMARK
Full Tilt has the same file [ssleay32.dll] in their directory that was called for by the experts. The experts and PTR said to look for a certain file and it is clearly visible in the Full Tilt file location. However, I don't see that file in some other sites' files.
That's just one way to implement SSL in your application. That is the free OpenSSL implementation. It isn't the only one, and there are lots of paid/licensed implementations, including embedding it in your own exe code.
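The point made in the reply above (a missing ssleay32.dll does not mean a client has no SSL), as an added example that is not code from the thread or from any poker client: a file-level scan that looks for the OpenSSL DLLs and also for markers left by a statically linked or OS-provided stack. The marker patterns and the three sample install directories are constructed assumptions.

```python
import os
import re
import tempfile

# OpenSSL's pre-1.1.0 Windows DLL names (ssleay32.dll is the file the thread discusses).
OPENSSL_DLLS = {"ssleay32.dll", "libeay32.dll"}
# Heuristic byte markers for a TLS stack that is not shipped as those DLLs.
MARKERS = {
    "statically linked OpenSSL": re.compile(rb"OpenSSL \d+\.\d+\.\d+[a-z]*"),
    "secur32.dll import (SSPI/Schannel)": re.compile(rb"(?i)secur32\.dll"),
}

def tls_evidence(install_dir):
    """Map each file that hints at a TLS implementation to its findings."""
    findings = {}
    for root, _dirs, files in os.walk(install_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, install_dir)
            if name.lower() in OPENSSL_DLLS:
                findings[rel] = ["OpenSSL shipped as a DLL"]
                continue
            if not name.lower().endswith((".exe", ".dll")):
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            hits = [label for label, rx in MARKERS.items() if rx.search(data)]
            if hits:
                findings[rel] = hits
    return findings

def demo():
    """Run the scan over three constructed install directories."""
    samples = {  # constructed file contents, not real client binaries
        "dll_client": {"client.exe": b"MZ\x00stub", "ssleay32.dll": b"MZ\x00stub"},
        "static_client": {"client.exe": b"MZ\x00..OpenSSL 0.9.8o 01 Jun 2010\x00.."},
        "no_marker_client": {"client.exe": b"MZ\x00no tls strings here\x00"},
    }
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for site, files in samples.items():
            site_dir = os.path.join(base, site)
            os.makedirs(site_dir)
            for fname, content in files.items():
                with open(os.path.join(site_dir, fname), "wb") as fh:
                    fh.write(content)
            results[site] = tls_evidence(site_dir)
    return results
```

A hit only identifies which library is present; whether a client's traffic is actually protected has to be confirmed on the wire, and an empty result proves nothing either way.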
08-11-2010 , 05:33 PM
Quote:
Originally Posted by Lee Jones

Ultimately, it comes down to a question of degree. No system is 100% secure and each person must weigh the relative convenience of access (e.g. free WiFi at a coffee shop) against the potential security risks.


Best regards,
Lee Jones

Cake Poker Cardroom Manager

Quote:
Originally Posted by Lee Jones
Hi Shotgut -
The technical issue is resolved - our server-client communication is now 100% secure (as reported by a third-party).


Best regards,
Lee Jones

Cake Poker Cardroom Manager

08-11-2010 , 05:45 PM
read it again.
Lee Jones says this: No system is 100% secure and each person must weigh the relative convenience of access
A third party says this: our server-client communication is now 100% secure
08-11-2010 , 06:00 PM
Quote:
Originally Posted by pokaaface
read it again.
Lee Jones says this: No system is 100% secure and each person must weigh the relative convenience of access
A third party says this: our server-client communication is now 100% secure
Yes, I realised this. So in effect Lee Jones or nobody else at Cake poker is willing to state their site is 100% secure. They only state a 3rd party says it is 100% secure. Someone asked if Cake is safe to play on and this is Lee's response?

Last time someone told Lee the site was secure resulted in this fiasco. I would have thought he would be a bit more thorough this time around.
08-11-2010 , 06:13 PM
What is your point? If anyone tells you any complex communication system is 100% secure, they are either wrong or lying to you.

So, in effect, Lee Jones or no one at Cake Poker is willing to be wrong or to lie.
08-11-2010 , 06:14 PM
Quote:
Originally Posted by Andyfothershops
It's dropped by at least one
At least two
08-11-2010 , 06:25 PM
08-11-2010 , 06:34 PM
What 3rd party is this?
08-11-2010 , 06:50 PM
So basically Lee's statement is worthless?

He is trying to imply Cake is 100% safe, as reported by a "3rd party", but who in their right mind would verify something as 100% safe?

Auditing firms do not even give this level of assurance.
08-11-2010 , 06:53 PM
Quote:
Originally Posted by EssQue
What 3rd party is this?
I think Lee's comment about the current safety of the encryption was referring to PTR's statement? Not sure though.
08-11-2010 , 07:13 PM
Quote:
Originally Posted by EssQue
So basically Lee's statement is worthless?

He is trying to imply Cake is 100% safe, as reported by a "3rd party", but who in their right mind would verify something as 100% safe?

Auditing firms do not even give this level of assurance.
I think it's obvious that Lee meant that network communications have been secured and are up to par with industry standards (PTR seems to confirm), and if so the risk level is acceptable.

It is sort of accepted in the industry that reasonable security happens when it becomes more expensive to attack the system than any potential gains (adjusted for probability of success) from an attack.

From Schneier (http://www.schneier.com/essay-037.html):

No one can guarantee 100% security. But we can work toward 100% risk acceptance. Fraud exists in current commerce systems: cash can be counterfeited, checks altered, credit card numbers stolen. Yet these systems are still successful because the benefits and conveniences outweigh the losses. Privacy systems--wall safes, door locks, curtains--are not perfect, but they're often good enough. A good cryptographic system strikes a balance between what is possible and what is acceptable.

[...]

The good news about cryptography is that we already have the algorithms and protocols we need to secure our systems. The bad news is that that was the easy part; implementing the protocols successfully requires considerable expertise. The areas of security that interact with people--key management, human/computer interface security, access control--often defy analysis. And the disciplines of public-key infrastructure, software security, computer security, network security, and tamper-resistant hardware design are very poorly understood.
08-11-2010 , 07:14 PM
Quote:
Originally Posted by █████
I think Lee's comment about the current safety of the encryption was referring to PTR's statement? Not sure though.
Did they say it's 100% safe?

Cannot find an article stating this.

If not then is this not more BS coming from Cake?
08-11-2010 , 07:21 PM
Quote:
Originally Posted by TC_Clueless
I think it's obvious that Lee meant that network communications have been secured and are up to par with industry standards (PTR seems to confirm), and if so the risk level is acceptable.

It is sort of accepted in the industry that reasonable security happens when it becomes more expensive to attack the system than any potential gains (adjusted for probability of success) from an attack.

From Schneier (http://www.schneier.com/essay-037.html):

No one can guarantee 100% security. But we can work toward 100% risk acceptance. Fraud exists in current commerce systems: cash can be counterfeited, checks altered, credit card numbers stolen. Yet these systems are still successful because the benefits and conveniences outweigh the losses. Privacy systems--wall safes, door locks, curtains--are not perfect, but they're often good enough. A good cryptographic system strikes a balance between what is possible and what is acceptable.

[...]

The good news about cryptography is that we already have the algorithms and protocols we need to secure our systems. The bad news is that that was the easy part; implementing the protocols successfully requires considerable expertise. The areas of security that interact with people--key management, human/computer interface security, access control--often defy analysis. And the disciplines of public-key infrastructure, software security, computer security, network security, and tamper-resistant hardware design are very poorly understood.
How can we determine what Lee meant? After everything else that has been reported by him? I know exactly what it means to measure the cost of control against the risk.

But it was Lee that said a 3rd party stated the system is 100% secure. Should we not know who that 3rd party is and get their confirmation?
08-11-2010 , 08:07 PM
You have already admitted that you realize that no system can be 100% secure, yet you yammer on about what 3rd party said it was.
Do you have a point?