Security

Cake Poker Re-Releases SSL

Game Security

Cake Poker has released an update that includes SSL encryption for the second time. We can verify that the data stream is SSL encrypted on both the standard software and the beta client. We have been unable to reproduce any of the vulnerabilities we detected previously.

We have not been able to verify that the SSL implementation has been rolled out to all of the individual skins.

If you’d like to be sure that your Cake network skin is safe and are using the classic client, navigate to the install directory of the skin (generally C:\Program Files\SKIN NAME, where SKIN NAME is the name of your skin) and check for ssleay32.dll. If ssleay32.dll is not contained in the skin installation directory, then your skin is not safe to play.


PTR Security: Cake Poker adds (some) SSL UPDATED

Game Security

On Monday, July 26th, PTR released a bulletin examining a Cake Network security vulnerability that allowed access to sensitive information in the data stream. The Cake Poker representative on 2+2, Lee Jones, acknowledged the issue last week and promised a fix. Last night, on Tuesday August 4th, Cake released a patch which does add SSL support to the OLD Cake client only.

PTR Security has reviewed the patch and we are happy to announce that this appears to be a correct implementation of SSL using the industry standard OpenSSL library. The vulnerability seems to have been resolved in full for the version 1.0 Cake client. The Beta client is still insecure and is NOT SAFE TO USE. If you are going to resume play on Cake, please refrain from using the Beta client. When a patch comes out for the Beta client we will review it as well.

Please note that this patch appears not to have been rolled out to at least some of the skins of Cake Poker. Presumably they will be rolling out this patch to their skins as well shortly. If you’d like to be sure that your Cake network skin is ...


PTR Security Alert: Cake Poker Network

Game Security

This article serves as a companion article to the security advisory PTR has released, which is viewable at: Cake Poker Uses Weak Encryption. It is intended to explain the severity and implications of this security risk to the broader non-technical poker playing audience.

UPDATE: Cake Poker has added an SSL layer to their encryption. We are currently looking into the implementation.

Overview

PTR Security has uncovered a serious vulnerability in the network encoding used for the Cake network. This encoding leaves players’ accounts as well as hole cards vulnerable to being stolen by any third party who is in between the player and Cake’s servers, as well as anyone who can snoop on their traffic. This means that players on wireless networks (especially unsecured ones) are at particular risk.

This security vulnerability is almost the same as the previous vulnerability we uncovered at the Cereus poker network, which has now been resolved, but there are a few significant differences which will be discussed in the “Special Notes” section.

We believe this vulnerability applies to every Cake network skin (our testing was limited to Cake poker and Doyle ...


PTR Security Alert: Cake Poker Uses Weak Encryption


Game Security

Cake Poker Network uses weak encryption, poor security practices.

Release Date: 2010-07-26
Last Update: 2010-08-04
Severity: Critical
Impact: Exposure of sensitive information
Where: Network access required
Solution Status: None
Poker Sites: Cake Poker, Cake Poker (beta), Doyle's Room, RedStarPoker.com, Unabomber Poker, Intertops Poker, Sports Interaction



Description:
The Cake poker network uses a weak XOR-based encryption mechanism for all network transmissions instead of the industry standard SSL. The encryption key is sent in plain text and can be used to dump data from the datastream to the Cake client application.

In our lab we are able to intercept and decode the user's login name (e-mail address), screen name, and password in plain text, as well as their seat number and hole cards. We've also been able to remotely display all seat numbers and hole cards on a compromised network.

All proofs of concept have been shown to work over a compromised WPA2 encrypted wireless network as well as unencrypted wireless networks, and with physical network access (either through a hub, ARP man-in-the-middle attack, or otherwise).

Solution

Vendor has been notified of the vulnerability and advised to upgrade ...


Cereus Patch adds SSL, Update: SSL live

Game Security

Cereus has just updated to include SSL support, aimed at fixing the security vulnerabilities we previously disclosed at http://www.pokertableratings.com/blog/2010/05/ptr-security-alert-cereus-poker-network/

We're in the midst of auditing it at the moment. We will post details as they come in.

Update 1 @ 5/14/2010: The update seems to use OpenSSL ONLY for player actions such as hole cards, bets, etc. We have already been able to hijack a test poker account using the exact same methods. More to follow.

Update 2 @ 5/14/2010: We've re-run all tests and can confirm that we are still able to hijack logins by sniffing the network. This is not by hacking someone's individual computer, but the same exact security hole as before. We can confirm that it is now impossible to steal hole cards using the previous exploit.

Update 3 @ 5/14/2010: Cereus acknowledges issue via e-mail: "Thanks for getting back to me and bringing this to my attention. Our developers are working on resolving this issue right now and will follow up with ...


PTR Podcast: Cereus to answer player questions?

Cereus is laying it on the table, what do you want to know? What would it take to make you trust them with your roll?

Update 5/12/2010: So this is our current list:

- Security Concerns (SSL Implemented properly, etc)
- Collusion Concerns (Best handing)
- User Privilege Concerns (Is a super user still possible?)
- Outliers (Unbelievably big winners, double jackpot winners, etc)
- Financial Concerns (How is the player's money treated)

One question I have for you guys: Is the random number generator really something you want us to look at? That is basically the one component that IS audited, shouldn't we concentrate our efforts on the ignored questions?


Mp3 of Podcast

PTR Podcast 5-11-2010


Cereus Security Update May 7th

Game Security

PTR has been in contact with the Cereus Poker Network since publishing our discoveries about their encryption method. They have asked us to participate in auditing and testing the new forms of encryption they are currently implementing, which we have agreed to do. They have also recently released an update which has broken the method we had previously used to compromise sensitive data. That being said, users should not assume they are safe until SSL is fully implemented and should continue to follow the recommendations in our security update.

We have also discussed the possibility of conducting a more in-depth audit of the Cereus Poker systems. We believe this is a unique opportunity for the poker community to voice their opinion about what they would like to see verified and tested in order to feel safe playing on any poker network. PTR is in the position of being able to verify any data provided for auditing purposes as authentic. We also have significant experience in dealing with all major poker client software. We've started a thread in our forums for discussing what poker players would like to see in any such audit here.


Cereus Poker Security Response

Game Security

Cereus Poker has responded to our communications with them regarding their network vulnerability. They have requested that we post this email here and we agree that keeping the public informed about progress toward a solution is the best course of action. We also appreciate their candor in communicating with us.

Hi Dameon,

We really truly appreciate the email you have sent us regarding the vulnerability in our encryption. I just became aware of your article 30 minutes ago and I have read your article and watched the video. I think you have done a great thing for the poker community by emailing us and letting the community know about it. Thank you for that.

I would also like to express how seriously we take this issue. I’m expecting to have a solution in place in a matter of hours and I would really like to discuss engaging your company to help us test the solution, if your company provides such services.

I would greatly appreciate it, if you could paste the contents of this email on your website, so your followers are assured that we are aware of the issue and we are working diligently to address it.

I ...


PTR Security Alert: Cereus Poker Network

Game Security

This article serves as a companion article to the security advisory PTR has released, which is viewable at: PTR Security Advisory: Cereus Poker Uses Weak Encryption. It is intended to explain the severity and implications of this security risk to the broader non-technical poker playing audience.

Overview

PokerTableRatings has discovered a critical flaw in the Cereus Poker software which affects both Absolute Poker and Ultimate Bet, allowing an attacker to hijack victims’ poker accounts and display their hole cards in real time. We have alerted the Cereus Network to this vulnerability, providing them with source code necessary to demonstrate the problem. We hope our e-mail and this bulletin are sufficient motivation for them to fix the problem.

We have no way of knowing if this exploit has been discovered and used to steal from Cereus users, but it seems unlikely. It is our hope that this information will allow Cereus users to protect themselves.

The issue, in general terms, is that rather than using industry standard SSL encryption, Cereus has used a custom form of encoding (not encryption) which can be cracked using the Windows calculator.

For interested readers we’ve explained the vulnerability in as non technical ...


PTR Security Advisory: Cereus Poker Network uses weak encryption


Game Security

Cereus Poker Network uses weak encryption, poor security practices

Release Date: 2010-05-06
Last Update: 2010-05-06
Severity: Critical
Impact: Exposure of sensitive information
Where: Network access required
Solution Status: None
Poker Sites: Absolute Poker, Ultimate Bet



Description:
The Cereus poker network uses a weak XOR-based encryption mechanism for all network transmissions instead of the industry standard SSL. The encryption key can be easily identified from a network dump and used to decrypt all information transmitted between the client application and the Cereus servers.

In our lab we are able to intercept and decode the user's login name (e-mail address), and receive an MD5 hash of their password, as well as their seat number and hole cards. Once the MD5 password hash has been intercepted, we've been able to log in using the intercepted login name by overwriting the outgoing login packet with the intercepted MD5 hash, thus logging in to the victim's poker account without their knowledge, remotely.

We've also been able to remotely display all seat numbers and hole cards on a compromised network.

All proofs of concept have been shown to work over a compromised WPA2 encrypted wireless ...
