Cereus has just updated to include SSL support, aimed at fixing the security vulnerabilities we previously disclosed at http://www.pokertableratings.com/blog/2010/05/ptr-security-alert-cereus-poker-network/
We’re in the midst of auditing it at the moment. We will post details as they come in.
Update 1 @ 5/14/2010: The update seems to use OpenSSL ONLY for player actions such as hole cards, bets, etc. We have already been able to hijack a test poker account using the exact same methods. More to follow.
Update 2 @ 5/14/2010: We’ve re-run all tests and can confirm that we are still able to hijack logins by sniffing the network. This is not by hacking someone’s individual computer, but the same exact security hole as before. We can confirm that it is now impossible to steal hole cards using the previous exploit.
Update 3 @ 5/14/2010: Cereus acknowledges the issue via e-mail: “Thanks for getting back to me and bringing this to my attention. Our developers are working on resolving this issue right now and will follow up with a second update later today that will fix this.” This is great news; we will verify the fix as soon as it goes live.
Update 4 @ 5/16/2010: Cereus patched again and have informed us they believe the issue is solved. We’re attempting to confirm this via testing and will report back soon.
Update 5 @ 5/16/2010: We can confirm that SSL is now being used everywhere for Cereus. The login vulnerability no longer exists. We’re now ensuring a proper implementation, but it seems like the biggest problems have been addressed.
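The check behind Updates 1 and 5 (is SSL used on every channel, or only on some?) can be sketched as follows. This is an added example, not PTR's tooling or code from the original post: it looks at the first client-to-server bytes of each connection and reports the ones that do not open with an SSL/TLS ClientHello. The channel labels and byte strings are constructed for the illustration.

```python
import struct

def classify_first_bytes(data: bytes) -> str:
    """Classify the first client-to-server bytes of one TCP connection."""
    # SSLv3/TLS record header: content type 0x16 (handshake), version 3.x,
    # 2-byte length, then handshake message type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x03:
        (length,) = struct.unpack("!H", data[3:5])
        if 0 < length <= 16384 and data[5] == 0x01:
            return "tls-hello"
    # SSLv2-compatible ClientHello, which older OpenSSL clients could send:
    # 2-byte length with the high bit set, message type 0x01, then the version.
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        if data[3] == 0x03 or (data[3], data[4]) == (0x00, 0x02):
            return "sslv2-compat-hello"
    return "no-ssl-handshake"

def channels_without_ssl(flows):
    """Return labels of connections whose first bytes are not an SSL/TLS hello."""
    return [label for label, first in flows
            if classify_first_bytes(first) == "no-ssl-handshake"]

# Constructed sample: labels and payload bytes are hypothetical, not captured
# from the Cereus client.
SAMPLE_FLOWS = [
    ("game-actions", bytes.fromhex("160301002f0100002b0301")),
    ("lobby", bytes.fromhex("802e0103010015")),
    ("login", b"\x00\x1aconstructed-login-payload"),
]

if __name__ == "__main__":
    for label, first in SAMPLE_FLOWS:
        print(f"{label:13s} {classify_first_bytes(first)}")
    print("not negotiating SSL:", channels_without_ssl(SAMPLE_FLOWS))
```

A ClientHello only shows that a channel negotiates SSL/TLS; whether certificates are validated and which ciphers are accepted has to be checked separately.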




@PTR. Please skip Cereus off your site. Add Ongame instead.
It’s so funny that this site is truly a scam. I’ve told their support 3 months ago that something was going on; they blow it off as if they don’t care!
LOL :D
Cereus is a joke site, bunch of apprentice programmers who work for free, and earn money by stealing from players.
During the server restart associated with the first update, I was playing 3 tables of 10nl. I had money invested in the pot at each table when the server restarted. Guess what happened to the money in the pot? Nobody knows!!!!!!!! Support won’t even get back to my e-mails. I am done with that joke of a site.
Also, Cereus was arrested for drunk driving early this morning!
Last sentence: “We can confirm that it is now impossible to steal hole cards using the previous exploit”
Does this mean Cereus is safe?
“We’ve re-run all tests and can confirm that we are still able to hijack logins by sniffing the network”
I think it’s that sentence that you should be concentrating on ;) Your hole cards are safe, your account is not.
Dameon
lol seriously this is ridiculous how can a site be this incompetent?
What is the big commotion about? Players have choices; the most foolproof method of avoiding cheating/security hole/trust issues at Cereus is simply to not play there … I don’t understand why so many ppl continue to play there when it’s just as easy to play Stars or Tilt …
Security/trust is a huge factor with online poker … if Cereus wasn’t proactive enough to be on top of these issues, people should not play there … the burden should not be on the poker community to discover security issues and inform them … the burden should be on Cereus to protect the players as much as possible … they are not fulfilling their fiduciary duty in an acceptable manner …
the fix is easy … just play somewhere else …
Just a question to understand the situation perfectly:
Is a cereus-account unsafe when using a private password-protected network?
@Raikaclaws: The same rules apply as our original post on the matter suggests http://www.pokertableratings.com/blog/2010/05/ptr-security-alert-cereus-poker-network/
It’s all levels of risk.
Yes, very easy to bash when everyone’s bashing, right mboyle? I have played at Cereus for three years now; they have great customer service, including live chat. Their response time is very very quick. I have full confidence that all issues will be fixed and overall it’s quite over-hyped.
I think it’s great that you guys are doing this audit but I’ve heard quite enough of Cereus for now. How long till some new topics hit the front page?
bad players never realize why they lose money. funny the 10nl players are concerned that someone is going to hack them for their 55 dollar roll.
Lol Armor….you must not have read my post. Read it again. You would be pissed if you were in the same situation as me. Read it again….lol.
OMG I just heard about this!
I’m tempted to go and play about on Cereus network tonight! Just for educational purposes of course :)
Hopefully something good will come across.
No matter what they do, you’d have to be a fool to ever play there again. Stars FTW hands down!!!
You know PTR, for having a site that doesn’t work properly half the time, and seems to miss a majority of big hands played, you sure are pointing a lot of fingers.=)
Can’t believe Cereus…
I just listened to the PTR interview on Cash Plays. You guys are great with super integrity. I love the questions that you are posing and will be shocked if they give you the answers to them. Keep up the great work.
lol LazYguY you’re equating a site not having perfect information to a site making it extremely easy for your pw to be hacked? No one ever lost money because PTR missed hands, plenty of people have lost tens of thousands of dollars because their account got hacked. Also PTR I still hate your site and I think the entire premise of the site is helping to destroy online poker but gotta give credit where it’s due thanks for exposing this and helping inform the poker community of the updates.
@zachvac: …thanks? ;)
lmao still not secure.
Great work, PTR!
I’m just curious if you track non-US poker rooms same way?
Thank you PTR for the research and hard work on this. I have no more questions. Whatever that poker network (not worth the name imho; since an online poker room/network should first and foremost be secure) is going to come up with, I am not going to trust them with my money. And never will, since they don’t even succeed in securely transferring data from client to server and back – apparently genuinely believing themselves that things are secure (even after being pointed to the weakness and having had the chance to change things).
Cereus get serious
News flash: Stars and FTP aren’t any safer. Who knows who’s controlling the strings behind closed doors?
hey dameon does Stars and Tilt have this problem too?
Don’t play there, cereusly
@dameon I mean you datamine and break TOS and give away info on players’ games for money. You don’t really expect poker players to like you right? But like I said gotta give credit where it’s due I’m not smart enough to be able to check that stuff and you’re keeping people informed, even if the motives are selfish.
@REturnofzx you’re kidding right? Cereus has had like 5 different scandals, Stars/FTP have had none. Stars/FTP actually use software developed by people who know what they’re doing, Cereus seriously has the feel of some high school kid who wrote it for a project. The waitlists are terrible and basically it just seems super amateurish. I’ve never trusted them since the super-users but never thought they’d be THAT incompetent. Ask anyone who has a clue about serious software development and you’d realize this would not pass even the basic initial security testing, let alone thorough testing they claimed was conducted when they merged. Playing on Cereus is like playing in a fishy home game where the sketchy host plays and deals all the hands. Some people play there because they can win even with the risk of cheating but no one has any room to complain if they play there and get hacked/robbed due to negligence or holes in the Cereus software. Stars/FTP have excellent software that was clearly developed by professionals. If you think they’re no more safe how about some proof?
Wow, I am so glad I got a hefty $125 no deposit bonus on Absolute. Feels so good with all this going down now, especially since I was able to play a little on there before the news broke. Of course, it feels even better to have other no deposit bonuses on the Merge Network and deposited money on Full Tilt so as to have an alternative. Furthermore, the lack of a time limit to fulfill my no deposit bonuses makes this whole fiasco less than an inconvenience, because it’s not like the clock is ticking to get the APP’s I need. Whether it takes 5 more days or 5 more weeks to get Cereus secure, I CAN WAIT! B-)
It’s simple.. DON’T PLAY THERE, easy, problem solved
DO NOT PLAY THERE… PERIOD,.. END OF STORY…
#1) THEY DIDN’T CARE ABOUT YOUR PROTECTION WHEN DESIGNING THE SOFTWARE
#2) THERE IS A HUGE SECURITY LEAK. THEY SAY THEY FIXED IT. AND IT’S NOT FIXED.
#3) THESE PEOPLE ARE MURDERING CRIMINAL BLOOD DRINKERS. DO NOT SEND ONE MORE CENT OF ANY MONEY TO THEIR SERVERS.
THEY DON’T GIVE A SHIT ABOUT YOU
THEY DON’T CARE IF THEIR SOFTWARE LOOKS LIKE A 3 YEAR OLD GIRL MADE IT
THEY DONT CARE ABOUT YOUR SAFETY.
THEY NEVER CARED TO BEGIN WITH.
DO NOT SEND THEM ANY MORE MONEY.
BOYCOTT, REVOLUTION TELL THOSE MURDERERS WE WILL NOT SUPPORT THEM ANY MORE!!!!
Have we heard from Annie Duke or Phil Hellmuth lately?
I just love the personalized letter from the CEO with his full-on boss assurance that this issue be fixed in a matter of hours through his crack team of amateur programmers. What salvation!
What’s even more funny is how PTR decides to blow up their exposure themselves by getting directly involved, making us all think they are this altruistic mediating party without any ulterior motives. Get REAL.
ITS ALL ABOUT THE CHEESE!
Make some news and splash around. Nice one PTR, grab everyone by the balls.
hoku, you must have listened to the poker cast
thanks again for doing this.
igdoof is right. Everyone is free to make their own choice. Let the free market decide where they want to take their business. I will not be giving my rake to Cereus.
I am not one to blame sites, just the ineptitude of bad players. But when one’s winrate goes from winning player over 18 months, then joining the Cereus network and winrate drops 8X as compared to other sites (over 200k hands). There is something truly wrong in the software and I will not be coming back to Cereus. Can’t trust them. Period!!!!
Not sure why people are jumping on PTR’s throat, they are our voices. If all you can do better, please audit the software and post it in your bloody site.
I haven’t played on the site since the potripper scandal. ABSOLUTE NO CHANCE I WILL EVER PLAY ON IT AGAIN.
It looks like they just updated the site; not sure if this is for the SSL issue.
Cereus is a rip. You can play pennies 1 day and profit 12 bucks. That’s a 300 big blind profit. The next session it’s like a suck out city on your ass. Change tables, no problem, the suck outs follow, then the tilt factor kicks in, then more suck outs and then you’re pissed at your girl cause all your pennies are gone. Sorry Cereus, you lost. Stop dumping files on my desktop. Stop booting me off when I am running hot. Stop dealing me AK, they never hit. I am not mad about losing $180, I have spent more on a round of golf. I am pissed that I see the same group of players playing 8 hours at a time. Then the next group show up for their 8 hour shift. But they never play at the same time. Hmmm. (Could workers be playing?) I live in California where card games are legal and slots are not. So Cereus, get real and stop acting like your shit is legit.
Whoops, 600. No wonder I lose. lol
I was a little tilty when I wrote this, sorry about the typos. But I have been booted a couple of times on streaks and their program has dumped files on my desktop. Sometimes while I am in a game at a table and I check the cashier it has asked me to sign back in. That seems to happen a lot. I like UB, they just need to get it together.
LOL, so much strife here from people that obviously deposited on a network with security/fidelity issues and HORRIBLE software (at least Absolute) . . . I FEEL SORRY FOR YA’LL! NO DEPOSIT BONUSES FTW!!!!!! X-D X-P X-D
The question now is: is UB poker safe now or still not?
PTR goes to do more tests?
thks
Why would it matter if a site that cheats has SSL anyway?