Poker-related forums and chat rooms were ablaze yesterday on the news that another poker industry website had issued evidence of a flaw in the Cereus Poker software that could potentially affect both Ultimate Bet and Absolute Poker. In a controlled environment using dummy accounts, the site known as PTR illustrated how they cracked the wireless network they were playing on and, using custom “hacking” software, were able to access otherwise secure information on the dummy accounts. While a security issue such as this should always be cause for concern, it’s important to point out that no actual exploitation of this security flaw has been reported to have taken place, aside from the controlled experiment conducted by Poker Table Ratings. According to PTR,
“there are no cases of this vulnerability being used to exploit actual players.”
The vast majority of players playing from home faced little to no risk. Hardwired home-based internet connections faced almost zero risk, while the relatively small percentage of people who might be playing across an unsecured public wireless connection had the highest potential vulnerability. In order to be exploited, a player would have to be specifically targeted, would have to be known to be playing on the Cereus Poker platform and would have to be playing across an unsecured wireless network. According to one poster on PTR, exploitation of this potential flaw would require a virtual perfect storm of coincidence, stating,
“It isn’t a major problem, it really only affects a very small minority of cases where people are being stupid and a pretty knowledgeable hacker just happens to be very close by.” The poster goes on to call PTR’s reporting nothing more than the
“scaremongering of non-technical users”.
Upon being notified of PTR’s experiment, Cereus spokesman Paul Leggett thanked the website for their efforts in illustrating the potential security flaw and issued a statement on his blog assuring players that the company is taking this matter very seriously. Insisting that the company is addressing the matter immediately, Leggett also reminded players
“that someone would have to have the technical capabilities to crack the encryption method we currently use and they would also have to hack into [a player's] local network in order to gain access to sensitive data.” The company, Leggett stated, is already working on implementing new encryption methods and the expectation is that all possible security issues would be fixed within a matter of hours.
As of Friday morning, Cereus reports that it has upgraded its software to resolve the potential issue and is discussing the possibility of engaging PTR for further audits of its systems in order to assure players of a secure gaming environment. It’s clear that the company is taking this matter seriously, despite the remote chance that data could have been compromised. According to a Cereus spokesperson,
“we have no reason to believe anyone has exploited this vulnerability”. However, the representative continues, the company is
“reviewing all serious complaints to see if any player was able to exploit this vulnerability and we will investigate any other serious requests we receive.”
The poker community is urged to provide the Cereus Network with any related input, suggestions or questions regarding their software and security via email to
pokersecurity@ub.com.