Security Issues Uncovered at Cake Poker
The security team at Poker Table Ratings released a report today detailing security concerns throughout the Cake Poker Network. The concern was over a “serious vulnerability in the network encoding for the Cake Network” that could result in various types of information being stolen by a third party between the player and Cake’s servers, or someone snooping on a player’s traffic. The vulnerable information includes both a player’s hole cards and their account information.
The vulnerability is nearly identical to one that was previously uncovered by PTR on the Cereus Network. That problem has since been resolved. The Cake Network issue appears to exist in every room on the network, and in both their standard and beta clients.
The Cake Network issue seems to exist because of the type of encryption used on the site. Rather than use the standard SSL encryption, Cake uses “a custom form of encryption which is XOR-based.” This is known to be much weaker than SSL encryption, and in fact, PTR declared that it “isn’t so much encryption as it is encoding.” Anyone with access to the traffic can exploit this by decoding the data being sent between Cake and the user.
While the vulnerability is most dangerous for those using wireless networks – especially unsecured or public networks – it is possible for any network to be made vulnerable if someone has access to the data being transmitted.
Perhaps more alarming is the fact that Cake Poker had misleading security information available on their website. The site claimed that Cake used a 256-bit TwoFish algorithm; in fact, it was a 32-bit XOR-based algorithm.
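As an added illustration of why PTR calls a 32-bit XOR scheme encoding rather than encryption (this is not code from the article, from PTR's report, or from Cake's client), the snippet below encodes two constructed frames under a random 4-byte key and shows that a passive observer who knows nothing but a frame's fixed header recovers the key and reads every frame. The key, the frame contents, and the assumption that the key simply repeats across every byte and every message are all assumptions made here; the article does not describe the exact scheme.

```python
import os
from typing import List, Optional, Tuple

def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR every byte with the key byte at the same offset modulo the key length."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int = 4) -> bytes:
    """Recover a repeating key from a frame whose first key_len plaintext bytes are known.

    Since c = p ^ k, an observer computes k = c ^ p; four known bytes fix a 32-bit key.
    """
    if min(len(ciphertext), len(known_plaintext)) < key_len:
        raise ValueError("need at least key_len bytes of ciphertext and known plaintext")
    return xor_repeating(ciphertext[:key_len], known_plaintext[:key_len])

# Constructed sample frames (assumed layout, not Cake's real protocol): a fixed
# header is exactly the kind of known plaintext every network message leaks.
FRAMES = [
    b"HAND:As Kd",
    b"ACCT:player42",
]

def passive_observer(key: Optional[bytes] = None) -> Tuple[bytes, bytes, List[bytes]]:
    """Encode FRAMES under one 32-bit key, then decode them knowing only the header."""
    if key is None:
        key = os.urandom(4)  # a fresh random key that the observer never sees
    wire = [xor_repeating(f, key) for f in FRAMES]
    # One frame with a known four-byte header is enough to recover the whole key ...
    guessed = recover_key(wire[0], b"HAND")
    # ... and, because the same key repeats across every frame, to decode all of them.
    return key, guessed, [xor_repeating(c, guessed) for c in wire]
```

The observer's position here is only reading traffic, which is the exposure the report describes; the standard remedy the article alludes to is an SSL/TLS connection between client and server, under which a known header reveals nothing about the rest of the stream.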
Lee Jones, Card Room Manager at Cake Poker, responded to queries about the revelations on the Two Plus Two forums. According to Jones, when he asked the software management team at Cake about their security in May, he was told that the site was more secure than the vulnerable Cereus Network. A senior manager now admits that they were wrong. Jones appeared apologetic about the situation.
“Believe me, I feel crappy about having said in May that we had stronger encryption than Cereus did when we didn't,” said Jones. “I owe the entire Cake poker community an apology: I am very very sorry.”