Your welcome, the GOV uses hackers, to test their security system, they even say so.What the take-away from this that everybody should understand is that Network Security and Applications Security is really, really hard to do well. It is very EASY to do it badly (as in the MD5 offset hash) for people who are not well trained in the arts. So they put a band-aid in place (stronger keys). Big deal. The fact that there was nobody either in the company or in the Auditors that had any clue on how to do SSL or TLS is riddiculous. Any bonehead can go to FoundStone, Nessus, or SecureScout and have their servers and applications put through a security scan - which would have caught this problem in about 30 seconds. I know - I'm on the receiving end of a scan every quarter and I'm under the gun to upgrade my OpenSSL and NTP libraries because of it.
The fact that they have "hackers" employed trying to break it is a bit funny. No self-respecting company would use the term "hacker" to describe a decent Security Consulting firm. There are many out there that are well qualified to evaluate the security of the system, but they are expensive. This tells me that Cereus is taking a half-assed approach to the problem and attempting to make itself look good in the process.
Thanks for posting it Kid.
Since this is a poker forum i can't post some some of what i know how to do... as long as your network has a great firewall you are safe. To know what a hacker does, you have to get inside of a hackers mind.I realize that there is not a lot of love between this forum and cereus.
I am not a computer expert but I have had responsibility to purchase and administer systems. You just don’t know all your weak spots until one is exploited.
Is it possible that this was done on purpose to steal player dollars by the firm’s executives? Yes possible but when contrasted to the damage done to the value of the firm and the stock options held by executives rather unlikely.
I have spoken with various personnel at Absolute a few were solid most were questionable. I have had occasion to communicate with personnel at a dozen other sites and found the quality equally dubious. Quality needs improvement across the poker world.
A few weeks ago my computer was attacked while on the Google server. This has happened in the past. Fortunately, my security saved my backside. Google personnel are top drawer yet their security has been compromised several times. I guess I best remove that site and toolbar it is no longer clean.
This month I also had an opportunity to talk with several layers of security at Chase Bank. The bad news is that they would fit in better at customer support at Absolute Poker than the corner 1 branch bank. Most major banks worldwide have been attacked electronically and with counterfeit. Best get the shovels ready since we can’t trust the banks moving forward. Yes its time to bury your ducats in the back yard.
The Bad Truth is that Cyber InSecurity is an evolving rapidly changing animal and you best take some responsibility to cover your backside. India has stopped importing many electronics from China fearing electronic espionage in multiple forms.
Any institution or individual with assets is under attack and all have flaws or openings. I think we need to see how firms react to adversity before issuing final condemnation. That does not mean that I feel that these sites are clean; it means that their actions require greater and further scrutiny. I am willing to see what management is going to do now to make this system right for their players.
I see these same accusations of rigged games, cheating, and super hands to max pot sizes at every site I have ever played.
My guess is that every site of any scale has been compromised at some time. Some sites have been hit by smarter crooks and superior managements.
Online poker needs top quality support, management, and integrity I hope that the industry moves to deliver what their clients deserve.
Out of anything i am reporting PTR for hacking to the FBI, Who knows how many accounts they have hacked.Still broken, after being "fixed".
http://www.pokertableratings.com/blog/2010/05/cereus-patch-adds-ssl-audit-underway/
Your welcome, the GOV uses hackers, to test their security system, they even say so.
Since this is a poker forum i can't post some some of what i know how to do... as long as your network has a great firewall you are safe. To know what a hacker does, you have to get inside of a hackers mind.
Well a firewall in a router is better then a software one.Not exactly... And yes, I know.
That is a common misconception. A firewall is only the start of a good security policy.
Sorry if this isn't the right place to ask this question...
But yesterday after the software update, I got an error message when I tried to log into Absolute Poker. I did some research on the error, and I discovered that the solution was for me to disable my anti-virus software. I use Avira and AVG, and all the other poker rooms' software (FT, PS, etc) works fine with the anti-virus. This bothers me, because I have no intention of disabling my security software to play at Absolute Poker, but nothing else has worked. Just wondering if anyone else has run into that problem.
Still broken, after being "fixed".
http://www.pokertableratings.com/blog/2010/05/cereus-patch-adds-ssl-audit-underway/
Great to see their numbers dropping. At peak hours there have been 4-8 thousand less players online than usual. Maybe one day it will reach 2 and that would be Russ Hamilton trying to superuse the bot
Great to see their numbers dropping. At peak hours there have been 4-8 thousand less players online than usual. Maybe one day it will reach 2 and that would be Russ Hamilton trying to superuse the bot
Oh so you're greedy and only care about yourself? How about caring about the poker community in general? Alot of people do have $1000's of dollars on that site, so just because you don't, who cares?
You are the kind of people that give the community a bad name.
Don't be an idiot.
I play poker because I like it, I also contribute to this forum as and when I feel I can provide input.
I am not some do gooder who is trying to right wrongs and save 'the blessed community'.
I will take your money or the next guys without fear of disruption to 'the community' and as sure as eggs are eggs if I win a large amount at some point I will be paying my mortgage and buying a nice car, NOT giving it back to the community.
The Gent :eviltongu