Once again on July 28, 2010 the website PokerTableRatings.com (PTR) uncovered another major issue with a poker network's security, this time it's the Cake Network who has been hit. In less than two months PTR has uncovered security problems with the Cereus Network that runs UltimateBet and Absolute Poker, and now with another major online poker network the Cake Network. PTR is reporting that the Cake Network issue is almost identical to that of the most recent Cereus Network security problem.
How Cake Network Users Could be Vulnerable to Hackers
PokerTableRatings uncovered that with relative ease a hacker who has gained access to another player's wireless Internet connection has a great chance at learning the player's hole cards, account information, and possibility of hijacking player accounts through gaining usernames and passwords. The problem is in the algorithm the Cake Network, and possibly all Cake skin poker rooms, such as Doyles Rooms, uses. Currently Cake only uses a 32-bit plain text code instead of the industry standard 256-bit algorithm under an OpenSSL.
The security holes are nearly identical as the ones found on the Cereus Network before they implemented the required changes in their own algorithm. The main difference between the two networks is that Cereus' code was set, while the Cake Network's code at least changed over time, but this isn't the worst part. While the Cereus Network never claimed to operate under a 256-bit encryption, the Cake Network did on all of their skins. This means Cake made false statements to all users about what security they use to protect player information.
How Players Can Help Themselves Against Hacked Accounts
PTR goes on to say that the most vulnerable players are those who play on open wireless Internet connections that can be found in places like a Starbucks or any other unsecured public wireless connection. Players who use a wireless connection should always play on a safe and password secured wireless connection in their own home. The lowest risk for players is found in those who play on wired connections straight into a modem.
PTR warns that players should stay off of any Cake Network skin until the problem has been resolved as they see that there is no way the entire network will be 100% safe until the network is secured by an OpenSSL encryption. The thing to remember is that PTR did their tests knowing exactly what to look for and on unsecured networks, and like any consumer watchdog they are giving their readers the most cautious advice possible. The key is to be smart and play on secured Internet connections and change currently used passwords.
Cake Network's Initial Response to Security Problems
The Cake Poker Card Room Manager Lee Jones reported on the poker forum Two Plus Two that after the Cereus Network problem he contacted his security department who assured him that their network was much more secure than Cereus', but he left it at that and trusted they were correct. He goes on to apologize and says action will be taken to correct the security problems.
If the Cake Network uses Cereus' plan on fixing the security hole then the breach in their encryption should take a few days or up to a week for the holes to be patched and an OpenSSL implemented, but in the meantime Lee Jones has issued a statement saying action is being taken to plug the hole in their server-client communication security. Overall the Cake Network has acted on the issue faster than Cereus did on theirs and even more quickly than PokerStars reacted to the recent computer bot cheating scandal. One thing's for sure, a problem like this is likely not to hit the Cake Network in the future.
David Tubbs - David is a graduate of the University of Waterloo with an Honours B.A. in History with a focus on medieval Europe. While his formal ...
Join the Conversation