Cerus Network - For those who still play

[Windbreaker]

[Robbie Robb]

There wouldn't be many situations where being able to sniff out someone's hole cards would be useful since it doesn't appear that the opponent hole cards are sent until the end of the hand if/when shown. I suppose if you camped outside someone's house who plays HU there would be a big benefit .

What's scarier is the part he just kind of glosses over - that username and password is easily intercepted to allow for direct access to account.

[Talking Poker]

Wow. I haven't played there in years, but thanks for posting this.

And RR, you are looking at it wrong... the hole cards are showing up immediately, as soon as they are dealt.

[GTDawg]

Yeah, his own cards. Unless I am viewing the video wrong and misunderstanding what he is talking about.

To use this to your advantage, you would have to be at the network of the opponent that you are playing to grab the packets for the linux program.

How, exactly, does grabbing your own cards as they are dealt help you in any way, shape, or form? To gain an advantage, you're going to need your opponent's hole cards and...from what I understand in that video...you need to be somehow connected to the hub of a wired network or within reasonable distance of the wireless network that your opponent is using. That just isn't logistically possible under any circumstances.

Perhaps I am missing what he is describing, but that's the way the video implies things.

Also, I would say the username/password is the more important information, as well. It would make much more sense to have this program available in case you run in to an unsecured network of some sort (whether it be internet cafe, restaurant, dorm room, whatever). Scan it for people playing Absolute. Take their account information. Steal their shit.

[BlibbityBlabbity]

I believe this is addressing the basic holes in the security protocols that the Cereus Network has used to pass information back and forth between the Poker site server and the users computer. He is saying they did not use the standard industy encryption prtocols and instead created and used their own..... and their's suck (here, see, I can hack them).

If he can hack the windows computer from the linux computer through a wireless connection (if he is right around the house) or if connected with a wire if he breaks into the users house, I think he is saying it can also be done remotely as well. In either case, that is a huge issue.

When you send your confidential information (user, password, hole cards, credit card numbers, etc) to/from their server they should be encrypted in such a way that is someone does intercept the packets of data, they would not be able to decrypt them and read the information. Only the computer that is supposed to get the packet should have the code necessary to read it.

That said, we are talking about hackers and anything is possible if you put your mind to getting it.

[GTDawg]

I agree that their security system definitely needs work if he was able to grab that information. And, if they didn't use industry standards, that is very telling in that they seem to be incompetent and proud of their incompetence.

From that video, he doesn't not seem to imply that it can be done from ANYWHERE. Even though the simple idea of it being done is disconcerting. He seems to imply that there is some level of location needed to get the information (as opposed to anyone grabbing the information from their living room about any person playing the game).

But, again, he isn't capturing another person's hole cards. He is just grabbing his own.

While I find the ability to grab the information and produce a usable result bad, I'd say that being able to find the opponent's hole cards from a remote location to be far higher on the exploitation list of bad things that can happen.

But, again, he implies that you can grab a person's account information which would be far and away the most egregious problem surrounding this situation. Far more than gaining an advantage through knowing someone's cards.

[MAYHEM45]

PCA, Vegas during WSOP, the list goes on and on. Scary shit.

[GTDawg]

"He is proving that ppl playing on unprotected network, other ppl can obtain their hole card information due to the weak encryption on the Cerus Network. "
---
"The reason he was only seeing his hole cards was that he was the one playing on the computer. If there was another player on the network that his software was monitoring (next door neighbor, for example) he could have been seeing them as well. "

That's my point, though. Yes, I'm fixated on HIS hole cards...because he hasn't demonstrated that he can find ANOTHER person's hole cards without being physically near their network. (The idea of being able to see an entire table's hole cards, for example)

The need to be near an un-encrypted wireless network or connected to a hub that people are playing on diminishes the "scary" factor related to being able to see the hole cards. Unless we are going to assume that he will ALWAYS be playing near someone else playing Absolute on the same stakes/same table, whatever.

It is logistically improbable that he would be near someone else playing Absolute, considering he would need to play the same game as them for an extended period of time to gain an advantage from seeing their hole cards. I mean, he would...essentially...be seeing only one other person's cards. While an advantage, it isn't something that will GREATLY improve his winnings (although it is a huge advantage). And, again, he's never going to be playing multiple people from one network except in very rare circumstances.

I mean, how often is your neighbor playing poker on an unsecured network? How often is some random guy playing Absolute on the network at the local starbucks?

***
"PCA, Vegas during WSOP, the list goes on and on. Scary shit."

As mentioned before, these events are definitely more primed for him to steal account information as it would be a far easier score.

He glosses over, what I feel, is the more serious issue. That account information can be gained through these security flaws.

It would be far FAR easier to scour Vegas during the WSOP for people playing Absolute on hotel wireless and grab their account information as compared to finding one single person's hole cards while you played against them.

***
I'm not sure if you guys are misunderstanding my point or not. I see that you can view the hole cards. However, there is a need to be physically NEAR someone (within network range of some kind) to grab their cards. And, you'd have to sit there and play them for an extended period of time to gain an advantage. It is a big advantage to know one person's hole cards, however, it isn't the same advantage as being able to see ALL the cards.

When looking at the entire situation, the idea that account information can be stolen through this security flaw is infinitely more serious than the ability to see one other person's hole cards.

[Talking Poker]

The latest from UB: