Security problems at Cake network

[PGremlin]

http://www.pokernews.com/news/2010/07/the-nightly-turbo-serious-network-vulnerability-on-cake-poke-8611.htm http://forumserver.twoplustwo.com/showpost.php?p=20496379&postcount=5937 http://forumserver.twoplustwo.com/28/internet-poker/official-cakepoker-feedback-thread-464370/index401.html Taking the Cake According to a recent report on PokerTableRatings, a security flaw has been found on the Cake Poker Network. It is almost the same flaw as the one found on the Cereus Network, in which players' accounts and hole cards were vulnerable to theft. The PokerTableRatings sleuths have embedded a video of them successfully stealing hole cards as they were dealt. They've been able to steal passwords and user names from multiple Cake Network skins. There are a few differences between this security risk and the Cereus Network risk and you can read up on it all at PokerTableRatings.com. Cake Poker Cardroom Manager Lee Jones posted a response on TwoPlusTwo about the issue. "Sure, when the issue came up in May, I asked our software management team. They told me that we were more secure than Cereus. When this all came to light a few hours ago and they got down into the actual code, it turned out they were wrong (as one of the senior managers just admitted to me)...I owe the entire Cake poker community an apology: I am very very sorry." Read the entire statement here and Lee answers questions from concerned community members in this thread.

[PGremlin]

Re: Security problems at Cake network In regards of this news I will not play there untill they fixed the leak. I went even further and check my funds on Cake and withdrew everything I have there until they have their shit together again :loon

[Guest]

Re: Security problems at Cake network Gotta say Im not impressed by their reaction to be honest. Difficult to tell when written word is genuine or not but my feeling is they are trying to ride out the storm and fob people off. I only know about this from PL so that says it all to me :\ No chance I'll go back for a long time .....

[PGremlin]

Re: Security problems at Cake network PTR Security: Cake Poker adds (some) SSL UPDATED By Dameon - August 4th, 2010 On Monday July 26th PTR released a bulletin examining a Cake Network security vulnerability that allowed access to sensitive information in the data stream. The Cake poker representative on 2+2 Lee Jones acknowledged the issue last week, and promised a fix. Last night on Tuesday August 4th Cake released a patch which does add SSL support to the OLD Cake client only. PTR Security has reviewed the patch and we are happy to announce that this appears to be a correct implementation of SSL using the industry standard OpenSSL library. The vulnerability seems to have been resolved in full for the version 1.0 Cake client. The Beta client is still insecure and is NOT SAFE TO U SE. If you are going to resume play on Cake, please refrain from using the Beta client. When a patch comes out for the Beta client we will review it as well. Please note that this patch appears to have not rolled out to at least some of the skins of Cake Poker. Presumably they will be be rolling out this patch to their skins as well shortly. If you’d like to be sure that your Cake network skin is safe, navigate to the install directory of the skin (generally C:Program Files, where is the name of your skin) and check for ssleay32.dll. If ssleay32.dll is not contained in the skin installation directory, then your skin is not safe to play. We have checked several skins ourselves (Bruce Poker, Doyle’s Room) and they have not added SSL support yet. Stay tuned for updates. Update 2010-08-05: The Beta client is NOT SECURE. There is NO SSL on it at the moment. Lee Jones posted at 9:20PM yesterday that there was SSL, but if it was added, it has since been removed. A few skins seem to have added SSL, Bruce Poker for sure.