Q
quads
Rock Star
Silver Level
Most of us are always visiting assorted poker information web sites. Be it for the newest software support programs, e-books, opponent information, etc…Read an interesting article about downloading spyware programmed to steal your down cards. So be selective in the future what you download.
Your cards are a secret between you and the poker site. Or rather, between your computer and the poker site’s computer. Those are the two points of attack. If someone at the poker site who has access to the server code wanted to look at cards, they could, without question, do so. There’s no way around that.
More immediately concerning (at least to the extent that it’s actually something you can control), however, is spyware. Your computer knows your secret key and your cards. If you accidently download and install a spyware package designed to sniff out your cards, you’re toast. It would sit in the background, and you’d have no immediate tip-off to its existence. It would read either your secret key or your actual decrypted cards and transmit them to a server run by the spyware developer. Then he could see your cards every time you play.
Writing such spyware without “cooperation” from the poker site is far from trivial, however, as Windows has built-in protections to prevent a random program from accessing the memory of another. In other words, I couldn’t write a program that just looks at the memory used to store your cards because that memory belongs to a different program. Windows would say, “Nope, you can’t read that.” [Ed. Actually, it’s really not all that hard to write spyware that grabs your cards. An easy example is a screen scraper that watches what’s on your monitor and forwards that information to a 3rd party.
It’s not easy to write such a piece of spyware. But in computer security, where there’s a will, there’s a way. There’s money to be made, and you can be 100% certain people are working on hacks like this as you read this. Someone will find a hack, get people to install it, and use it for a while to steal money. Eventually the poker site will find out, and the developer will fix the crack. But in the meantime, bad stuff has happened.
Guess just another thing to worry about online.
Your cards are a secret between you and the poker site. Or rather, between your computer and the poker site’s computer. Those are the two points of attack. If someone at the poker site who has access to the server code wanted to look at cards, they could, without question, do so. There’s no way around that.
More immediately concerning (at least to the extent that it’s actually something you can control), however, is spyware. Your computer knows your secret key and your cards. If you accidently download and install a spyware package designed to sniff out your cards, you’re toast. It would sit in the background, and you’d have no immediate tip-off to its existence. It would read either your secret key or your actual decrypted cards and transmit them to a server run by the spyware developer. Then he could see your cards every time you play.
Writing such spyware without “cooperation” from the poker site is far from trivial, however, as Windows has built-in protections to prevent a random program from accessing the memory of another. In other words, I couldn’t write a program that just looks at the memory used to store your cards because that memory belongs to a different program. Windows would say, “Nope, you can’t read that.” [Ed. Actually, it’s really not all that hard to write spyware that grabs your cards. An easy example is a screen scraper that watches what’s on your monitor and forwards that information to a 3rd party.
It’s not easy to write such a piece of spyware. But in computer security, where there’s a will, there’s a way. There’s money to be made, and you can be 100% certain people are working on hacks like this as you read this. Someone will find a hack, get people to install it, and use it for a while to steal money. Eventually the poker site will find out, and the developer will fix the crack. But in the meantime, bad stuff has happened.
Guess just another thing to worry about online.