PTR Claims That Cake Poker Security Situation Not Yet 100% ResolvedPublished on August 5th, 2010 6:29 am EST
On July 26th, 2010, PokerTableRatings.com (link below) issued a security alert titled "Cake Poker Uses Weak Encryption".
According to PTR, Cake Poker was found to be employing a "XOR-based" method of encryption, rather than the 256-bit TwoFish encryption algorithm that they were claiming to be using on their web site. According to PTR, the "XOR-based" encryption method that Cake Poker was using for their network transmissions left their customers vulnerable to an exploit.
To demonstrate the vulnerability, PTR stole "usernames and passwords from multiple Cake network skins" while using a dummy cracked wireless network. In addition, PTR claimed that they were able to steal hole cards as they were dealt.
PTR warned that many were in danger of having their Cake Poker (or Cake Poker skin) accounts compromised, especially those who were playing on a public unsecured wireless network.
Cake Poker Cardroom Manager Lee Jones released a statement the next day, claiming the company was "totally committed to closing this hole in our server-client communication security" and that "it will be our top priority until it's done."
Cake Poker released a patch on Tuesday in which they added SSL support for their version 1.0 Cake client.
The problem? According to PTR, the "Beta client" and "at least some of the skins of Cake Poker" have not added the new layer of security as of yet.
PTR specifically points to Doyle's Room as a skin that does not have SSL support as of yet (this is according to their August 4th update).
According to PTR, "if you'd like to be sure that your Cake network is safe, navigate to the install directory of the skin (generally C: Program Files, where is the name of your skin) and check for ssleay32.dll."
"If ssleay32.dll is not present", claims PTR, "then your skin is not safe to play."
We'll have more when either PTR or Cake Poker issues another public statement on the matter.
Source: PTR Security: Cake Poker adds SSL, Skins + Beta left out
Source: PTR Security Alert: Cake Poker Network (July 26th, 2010)
Filed Under: Online Poker Rooms