alex_theBoss_ross Posted May 21, 2006 Share Posted May 21, 2006 "Don't don't don't don't believe the hype." -public enemy. So we all have god-knows how many bits of poker software installed.. I happened to be looking thru my pc's registry and discovered to my HORROR :@ that CDPoker and Noble Poker store your username and password ...IN PLAIN TEXT on your PC. [and no doubt the rest of the ipoker network or whatever it is called] Sure they store your password in encrypted form, but also in unencrypted form [to check this out, run regedit, search for Club Dice Poker (if using cdpoker), or Noble etc, and you will see it for yourself.] What does this mean to you ? well it means that someone can write a worm/virus which reads this data from your registry, and sends it to them..via a dodgy email address, or via an IRC channel. we have all heard stories of peoples' poker accounts being emptied by some mr.shady somewhere, with no come-back. Beware, Be warned, and for god's sake - wake up poker companies. this is not acceptable (or as super-nanny says- not asceptible) Alex Quote Link to comment Share on other sites More sharing options...
brael Posted May 21, 2006 Share Posted May 21, 2006 Re: Secure poker software- Don't Believe the hype yikes... anyone know of a safe way this can be removed?? :eek Quote Link to comment Share on other sites More sharing options...
Valiant23 Posted May 21, 2006 Share Posted May 21, 2006 Re: Secure poker software- Don't Believe the hype It is under HKEY_USERS. I've deleted the un-encrypted entry from my machine......... Lets see what happens..........:unsure Quote Link to comment Share on other sites More sharing options...
GaF Posted May 21, 2006 Share Posted May 21, 2006 Re: Secure poker software- Don't Believe the hype This is extremely scary and absolutely unacceptable from the poker rooms!!! I don't have CD poker. But Noble - my password is encrypted ...... Have done a search in my registry for the usual "base" to my password and it hasn't found it at all ......... Quote Link to comment Share on other sites More sharing options...
brael Posted May 21, 2006 Share Posted May 21, 2006 Re: Secure poker software- Don't Believe the hype It is under HKEY_USERS. I've deleted the un-encrypted entry from my machine......... Lets see what happens..........:unsure BOOOMMMM!!! My 1000th post!!! :nana I need to get a life... :sad :rollin Quote Link to comment Share on other sites More sharing options...
Valiant23 Posted May 21, 2006 Share Posted May 21, 2006 Re: Secure poker software- Don't Believe the hype Congrats Brael. :clap :clap :clap :clap Well I've deleted the relevant value and so far have had no ill effects.:hope Quote Link to comment Share on other sites More sharing options...
slick mick Posted May 21, 2006 Share Posted May 21, 2006 Re: Secure poker software- Don't Believe the hype I looked at this recently when trying to reinstall a clean cdpoker. It's actually in two places in the registry. Quote Link to comment Share on other sites More sharing options...
brael Posted May 21, 2006 Share Posted May 21, 2006 Re: Secure poker software- Don't Believe the hype Just as worrying is that I can't find anywhere in CD Poker that lets you change your password. If anyone knows better please let me know. :cheers Quote Link to comment Share on other sites More sharing options...
kevsul Posted May 21, 2006 Share Posted May 21, 2006 Re: Secure poker software- Don't Believe the hype :clap :clap Well done brael.:ok Quote Link to comment Share on other sites More sharing options...
kevsul Posted May 21, 2006 Share Posted May 21, 2006 Re: Secure poker software- Don't Believe the hype Cant see any passwords.. Just numbers and funny letters so i guess i am ok :ok Quote Link to comment Share on other sites More sharing options...
Hodgey Posted May 22, 2006 Share Posted May 22, 2006 Re: Secure poker software- Don't Believe the hype Hmmm, just found my username and password for Jungle Poker in my registry. :unsure Deleted it. Can't find the CDPoker one though. Quote Link to comment Share on other sites More sharing options...
alex_theBoss_ross Posted July 5, 2006 Author Share Posted July 5, 2006 Re: Secure poker software- Don't Believe the hype Bump http://www.billrini.com/2006/07/05/unsafe-poker-rooms/ poker770 is vulnerable! and apparently (someone told me on msn) they store the passwords in PLAIN TEXT. might be worth emailing or commenting on rini's blog Quote Link to comment Share on other sites More sharing options...
H1ghlander Posted July 5, 2006 Share Posted July 5, 2006 Re: Secure poker software- Don't Believe the hype Any software that you have remember password and username ticked is vulnerable simply because it will put the username and password in the registry this came to light after someone i know online lost a large sum of money from his account on party, the worst part about it they are aware of the security flaw and yet do nothing to warn all players Quote Link to comment Share on other sites More sharing options...
alex_theBoss_ross Posted July 5, 2006 Author Share Posted July 5, 2006 Re: Secure poker software- Don't Believe the hype Any software that you have remember password and username ticked is vulnerable simply because it will put the username and password in the registry this came to light after someone i know online lost a large sum of money from his account on party' date=' the worst part about it they are aware of the security flaw and yet do nothing to warn all players[/quote'] it is stored UNENCRYPTED. encrypted it is practically useless (you don't know their encryption algorithm do you?) Quote Link to comment Share on other sites More sharing options...
daftpegasus Posted July 5, 2006 Share Posted July 5, 2006 Re: Secure poker software- Don't Believe the hype The password is stored in the registry for poker770. Thanks for letting me know Alex Quote Link to comment Share on other sites More sharing options...
morlspin Posted July 5, 2006 Share Posted July 5, 2006 Re: Secure poker software- Don't Believe the hype deleted mine too...ty! Quote Link to comment Share on other sites More sharing options...
H1ghlander Posted July 5, 2006 Share Posted July 5, 2006 Re: Secure poker software- Don't Believe the hype Dont know Alex i dont play on party i have never downloaded it what i quoted was an admission to the person who lost the money by party i have no reason to disbelieve this person he is probably one of the biggest winners on pl omaha hi-lo. one can liken him to barry greenstein absolute gentlemen who donates a proportion of his winnings to charity Quote Link to comment Share on other sites More sharing options...
Doddsy Posted July 5, 2006 Share Posted July 5, 2006 Re: Secure poker software- Don't Believe the hype Very worrying. Thanks for bringing this to our attention Alex, I tend to stay aware from looking at the registry as always afraid I'll wipe something I shouldn't but this definetly needs wiping! I've deleted mine as well but was only on CD and Noble on my machine, couldn't find any under any of my other accounts unless I was looking in the wrong place Quote Link to comment Share on other sites More sharing options...
Galronix Posted July 5, 2006 Share Posted July 5, 2006 Re: Secure poker software- Don't Believe the hype If your firewall is setup properly and you have decent anti virus there is no need to panic Quote Link to comment Share on other sites More sharing options...
alex_theBoss_ross Posted July 5, 2006 Author Share Posted July 5, 2006 Re: Secure poker software- Don't Believe the hype If your firewall is setup properly and you have decent anti virus there is no need to panic simply not true. new vulnerabilities = new worms, trojans and virii .. all of which can grab you pw. there is simply no excuse for these companies' lack of professionalism -or indeed the software houses that develop this so-called software (lol) Quote Link to comment Share on other sites More sharing options...
alex_theBoss_ross Posted July 6, 2006 Author Share Posted July 6, 2006 Re: Secure poker software- Don't Believe the hype - Part 2 ! 8click here for the full story). Noble’s response was that this really isn’t an issue at all. According to Noble, “we would like to inform you that once your account was set in the ‘auto login’ anyone can login and play using your account. For your security we advised that you disabled the auto login option. In order to do this, once your online just click on ‘my accoun’†Of course, they forget to mention that auto login is the default setting. I responded back to them and included a screen shot of my registry showing that despite having the “auto login†unchecked, my information was still stored in plain text in the registry. I received another response from Noble stating “player’s usernames and passwords are really stored in the registry, this is the way our software is designed. However, since the password is saved in an encrypted way we cannot really consider it a serious security issue.†So, it appears that Noble Poker has no intention of correcting this problem. They don’t even seem to understand it as this last email is trying to convince me that the information is stored in an encrypted format but as the photo indicates, that is simply not the case. If you play at any of the rooms listed in this post you should email their support and tell them you find this to be unacceptable. All that needs to happen is some virus gets out there that steals your login and password and emails it back to someone who rips off your entire bankroll. source: http://www.billrini.com/2006/07/06/unsafe-poker-rooms-part-duex/ Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.