
New Security Issue Surfaces at Ultimate Bet and Absolute Poker

The Absolute and UltimateBet scandals rocked the online poker industry for years, but when the Kahnawake Gaming Commission released its final decision in September of 2009, it seemed that the Cereus Network under Tokwiro Enterprises had resolved its security issues and was looking to put the scandal behind it. But another security breach has surfaced in recent weeks, again putting the spotlight on UltimateBet and Absolute Poker and casting doubt on their claims of top-notch security software and their assurances of player safety.

Proof of the security issue on the Cereus Poker Network, which hosts Absolute Poker and UltimateBet, came from Poker Table Ratings (PTR), a website dedicated to online poker and associated rankings and statistics. The site published a report on May 6, 2010, noting that Cereus “uses weak encryption” and “poor security practices” and labeling the severity of the issue as critical. The description of the problem explained that the encryption system used by Cereus was weaker than the industry-standard SSL and that the key could be easily identified, meaning users' login names, passwords, seat numbers and hole cards in online poker games could be identified as well. PTR notified Cereus of the problem.

A follow-up report on PTR explained the issue in simpler terms. The bottom line was that the flaw in the Cereus software allowed the possibility that a hacker could access anyone’s poker account, see their hole cards, and cheat the system. The premise was that the encryption process that keeps data from being read by the average internet user was compromised, meaning that information such as table number and hole cards was not sufficiently encoded to prevent others from accessing it. Those playing on UltimateBet or Absolute Poker from an unsecured wireless network were the most at risk, though other networks were also in danger of being compromised. However, the report noted, “We have no way of knowing if this exploit has been discovered and used to steal from Cereus users, but it seems unlikely.”

PTR then suggested that players cease activity on the Cereus Network until the issue was resolved. “There is no way of being 100% secure at the moment,” it stated. Then it went on to suggest, “If a player chooses to continue playing on the Cereus Network while the network is still vulnerable, they should at minimum plug directly into their modem. This will prevent anyone on the network from exploiting them. If a wired network is not an option, the player should make absolutely sure their network is encrypted using WPA2 encryption. We absolutely advise against playing on any unknown or public networks - especially wireless networks.”

And its message to Cereus was quite clear. PTR suggested that Cereus upgrade all of its network communications and adopt the industry standard of OpenSSL, as well as conduct an audit to verify its security system and check for breaches.

It didn’t take long for Tokwiro COO Paul Leggett to respond. He posted a blog entry on the UltimateBet website on May 6 to address the issue, stating that he was made aware of the issue by PTR and that the company takes it seriously. “I would like to start by reminding everyone that someone would have to have the technical capabilities to crack the encryption method we currently use and they would also have to hack into your local network in order to gain access to sensitive data,” he wrote, somewhat dismissive of the possibility that it could be done. However, he continued that the problem was being fixed, “We are currently working on implementing a new encryption method and we expect to have it live in a matter of hours.”

Leggett proceeded to explain that he was “embarrassed and upset that this issue was not caught by our internal staff or through the countless audits we’ve been through this year and last year,” and he was “shocked” that the problem was not caught by those involved in Cereus’ security system. The plan going forward was to implement new security resources and outside companies to test the new process. “We will not rest until it is fixed,” he stated.

The following day, another blog post appeared from Leggett, explaining that an update for UltimateBet and Absolute Poker had been completed and a new version of the software was in place. “We fixed this issue by implementing a more advanced multi-layer encryption, and we have also implemented logic that will prevent any manipulation of this encryption. We have also started working on a more advanced solution, which is the implementation of the OpenSSL standard for our client encryption. We expect to have this live in one week.” PTR will be assisting in testing the new system to verify its security.

He also noted that he believed that no one had exploited the past system to victimize players on the sites, but an investigation was launched, at the behest of many players, to ensure that no crimes had been committed.
