This is pretty sick reading!
I don't think I'm allowed to post the link to the news story, so here is an excerpt:
The problem/summary:
INSERT AFFILIATE SITE Security has uncovered a serious vulnerability in the network encoding used for the Cake network. This encoding leaves players' accounts as well as hole cards vulnerable to being stolen by any third party who is in between the player and Cake's servers, as well as anyone who can snoop on their traffic. This means that players on wireless networks (especially unsecured ones) are at particular risk.
This security vulnerability is almost the same as the previous vulnerability we uncovered at the Cereus poker network, which has now been resolved, but there are a few significant differences which will be discussed in the Special Notes section.
We believe this vulnerability applies to every Cake network skin (our testing was limited to Cake poker and Doyles room). We also were able to verify that this vulnerability applies to both the current Cake client and their new Beta client v2.0.
If you are going to skip the majority of this article please at least take a moment to read the sections Risk Levels for Players and Suggestions for Players. These sections are minimum reading for anyone who plays on the Cake poker network.
The test:
"In our lab, using a dummy cracked wireless network, we've been able to steal usernames and passwords from multiple Cake network skins (to our knowledge this vulnerability applies to all cake skins). The username and password were made visible to us as the player clicked the login button, or as the auto-login occurred. This exploit is more serious than the Cereus network in which we were only able to get an MD5 hashed version of the password which then required a more sophisticated injection mechanism to hijack the account. In this exploit, we simply get the plain text username and password.
We've also successfully stolen hole cards as they were dealt, as shown in the demonstration video. This is basically the same exploit as the Cereus network."
"As suggested previously there is no way to be 100% secure at the moment while playing on Cake poker. It is not possible to know that you're safe, even when plugged directly into your router."
For players:
The only guarantee of safety is to change your password, and stop playing on the Cake network until these issues have been fully resolved and verified by us. Until Cake has switched to OpenSSL, or the TwoFish encryption their webpage says they use, there is no way to be sure you are secured.
If you must continue to play in the meantime you should plug directly into your router or cable modem. If this is not an option you should make absolutely sure your wireless network is encrypted using WPA2 encryption.
Do NOT play on any unknown or public networks, especially wireless networks. Also it may be wise to keep the fact that you play on the Cake network to yourself so as to avoid making yourself a target.
Serious security hole in the Cake network!
Ehm, isn't this like 2 months old? I'm pretty sure Cake fixed it quickly.
Shouldn't one generally, in any case...
@ K_B_B
The news was posted yesterday/today, so it is quite new.
I think you're thinking of the problems they experienced earlier where, among other things, the worst hand won, players were forced to post the big blind twice, and some buttons disappeared.
Ohhhh, it's just sometimes hard to defend online poker's integrity when certain networks make a fuck-up like this one.
That is so sick! :S
But do I understand it correctly if I say that you don't have a problem if you don't use wireless internet?
I quote:
"It is not possible to know that you're safe, even when plugged directly into your router."
Well, lol ...
So besides having money stuck on Doyles room that I can't get out for the next 2-3 weeks, I can't go in and play with it either ...
That's just bloody brilliant
Good thing that a network that has to live on credibility chooses to invest so heavily in security.
@k_b_b
same as on Cereus a while ago, maybe that's what you're thinking of.
@supersafe
It looks like it is a problem if you play on a public network. The hacker has to be on the same connection so that he can get in between your computer and your internet connection and grab info. If you don't use wireless, or have a password on your network, the probability is apparently quite small.
You apparently have to be unlucky to get hacked, but it's not bloody smart that the security isn't top-notch.
@supersafe
your account has presumably already been hacked and emptied = problem solved
z
EB.dk also has an article with the news now: ekstrabladet.dk/poker/article1382819.ece
It links, among other things, to a YouTube video with a walkthrough of the hack.
From what I have read, you should stay away from playing on the Cake network entirely until they have got things in order again. Even though they claim that certain "unlucky" events have to be present before one's account can be spied on by outside hackers, it still means that people who know about this security flaw will now have every opportunity to exploit it, and playing there must therefore be advised against until the problem is solved.
A completely different problem is that people employed within the Cake network may have known about this security flaw and may thereby have exploited it to sniff out hole cards from other players (a new super-user scandal). It is the absolute worst-case scenario that this should have taken place, but one must nevertheless be on guard that there is a risk of it. Therefore my advice would be to not play there until there is an official announcement that the security problem has been solved, and this has been verified by an independent source.