
Chaos over at Cake?

Tuesday, August 17th, 2010

Cake is a blossoming poker network that accepts US customers, but it has recently lost a big slice of its credibility.

Since its 2006 inception, Cake Poker has become favoured for its juicy low-mid stakes action, lucrative sign-up bonus, and Daily Lottery Card schemes. But PokerTableRatings (PTR), a site that specialises in providing hand histories and player information, uncovered a serious flaw in its encryption.

Without resorting to too much technical jargon, ‘encryption’ weaknesses meant that any hacker with access to a player’s network could view his hole cards. The vulnerability extended to the server side, which meant a super-user could view all hole card information. Such dangers were ruthlessly exposed in the Ultimate Bet scandal, when super-users including ‘Potripper’ fleeced honest players out of thousands.

As explained by Cake card room manager Lee Jones, problems arose when Cake switched from the Twofish encryption algorithm to XOR encoding, rather than adopting the well-regarded SSL protocol.
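Why XOR encoding offers no real confidentiality, shown as an added example that is not code from Cake, PTR or the original post. It assumes a fixed repeating key and a constructed JSON-like message layout, neither of which the post describes.

```python
from itertools import cycle

# Constructed sample data: the key and the message layout are hypothetical,
# not Cake's wire format, which the post does not describe.
KEY = bytes.fromhex("1337c0de429907a5")
MESSAGE = b'{"type":"deal","seat":3,"hole":["As","Kd"]}'
KNOWN_PREFIX = b'{"type":"deal","seat":'  # boilerplate every deal message shares


def xor_encode(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Encoding and decoding are the same operation."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(captured: bytes, known_prefix: bytes) -> bytes:
    """Derive the key from one captured message and its predictable prefix.

    captured[i] ^ plaintext[i] == key[i % len(key)], so XORing the capture
    with the known bytes exposes the keystream; its shortest period is the key.
    The prefix should cover about two key lengths for the period to show.
    """
    stream = bytes(c ^ p for c, p in zip(captured, known_prefix))
    for n in range(1, len(stream)):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream  # no repetition seen: key is at least as long as the prefix


def decode_capture(captured: bytes, known_prefix: bytes) -> bytes:
    """What a passive observer on the network path can read, without the key."""
    return xor_encode(captured, recover_key(captured, known_prefix))


CAPTURED = xor_encode(MESSAGE, KEY)  # what crosses the wire

if __name__ == "__main__":
    print("on the wire :", CAPTURED.hex())
    print("recovered   :", recover_key(CAPTURED, KNOWN_PREFIX).hex())
    print("decoded     :", decode_capture(CAPTURED, KNOWN_PREFIX).decode())
```

A real cipher such as Twofish used in a sound mode, or the SSL layer Cake later added, does not let predictable bytes in one message reveal the key for the rest.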

But why the suspicion? Does a weak encryption code (as exposed by PTR) necessarily mean abuse? Jones has admitted that several months ago Cake programmers insisted the encryption code was more secure than Cereus, which suggests deceit may have been involved. In response to PTR’s findings, Cake have added the ‘SSL layer in all server-client communications…together with peer verification’. They have also asked UB scandal investigator Serge Ravitch to initiate an official audit.

Despite Jones’s promise of a comprehensive enquiry, several questions remain unanswered.

Why did the programmers originally lie about the ‘fake’ encryption’s security qualities? Was it simply to lighten their workload, or for more devious ends? Even if super-users were operating on Cake, it’s unlikely they will be uncovered. The Cake software forbids data-mining, and it allows players to change their nicknames (rendering PTR’s tracking software useless).

Regardless of the confusion surrounding Cake’s encryption, it’s important to stress the phrase ‘innocent until proven guilty’. Let’s just hope Cake Poker avoids the UB path of deception, and keeps us all updated.