Cake pulls a UB

Pokerkeep

Affiliate Guard Dog Member
Joined
Nov 3, 2008
Messages
141
Reaction score
0
Cake Poker Network uses weak encryption, poor security practices.

The Cake poker network uses a weak XOR-based encryption mechanism for all network transmissions instead of the industry standard SSL. The encryption key is sent in plain text and can be used to dump data from the datastream to the Cake client application.

Read the complete article at PTR

I'm at a loss for words here..... I guess all Cake rooms need to be added to my blacklists - SIGH!
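
Added example (not part of the original thread or the PTR article): a minimal Python sketch of why a repeating-key XOR stream whose key travels in the same connection gives no confidentiality, and why hiding the key alone would not fix it. The wire format, key and messages are constructed assumptions, not Cake's actual protocol.

```python
import struct
from itertools import cycle

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call obfuscates and de-obfuscates."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def build_stream(key: bytes, messages: list[bytes]) -> bytes:
    """Constructed wire format (assumption): 1-byte key length, the key in
    clear, then each message as 2-byte big-endian length + XORed body."""
    out = bytes([len(key)]) + key
    for msg in messages:
        out += struct.pack(">H", len(msg)) + xor_bytes(msg, key)
    return out

def passive_read(stream: bytes) -> list[bytes]:
    """What any on-path observer holds: the bytes alone are enough, because
    the key travels in the same stream as the data it protects."""
    klen = stream[0]
    key, pos, found = stream[1:1 + klen], 1 + klen, []
    while pos < len(stream):
        (mlen,) = struct.unpack_from(">H", stream, pos)
        pos += 2
        found.append(xor_bytes(stream[pos:pos + mlen], key))
        pos += mlen
    return found

def keyless_leak(c1: bytes, c2: bytes) -> bytes:
    """Even with the key hidden, reusing it leaks p1 XOR p2 (c1^c2 = p1^p2)."""
    return bytes(a ^ b for a, b in zip(c1, c2))

# Constructed sample session; not real Cake traffic.
KEY = bytes.fromhex("a1b2c3d4e5f60718")
MESSAGES = [b"HOLE_CARDS As Kd", b"BALANCE 100.00"]
STREAM = build_stream(KEY, MESSAGES)

if __name__ == "__main__":
    print(passive_read(STREAM))
```

The second function is the reason the remedy is an authenticated TLS session with per-connection keys rather than moving the XOR key out of band.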
 

theshortstack

Affiliate Guard Dog Member
Joined
Aug 20, 2009
Messages
175
Reaction score
2
Unbelievable.

After the huge furore surrounding UB, surely the first thing that every online poker room checks is that they're not going to be caught out in the same way.

Apparently not.

I haven't promoted Cake itself for years due to their terrible tracking, but I'm more worried about other rooms on the network that I guess I'll have to think twice about promoting :(
 

Pokerkeep

Reply from Cake

I received an email from Cake today.... pretty much exactly how Cereus reacted to the same problem a few months back. I guess it's too much to ask for them to actually shut down the network until it's fixed.
____________________________________

Hey Terry,
I saw your recent coverage of the Cake Poker security issue and I wanted to make sure that you had the statement from our poker room manager Lee Jones:

Hi folks -
Here's a status update on the security vulnerability in the Cake Poker software which was reported yesterday. Our development team replicated the described scenario and confirmed that a vulnerability exists which can be addressed to strengthen the security of the Cake Poker software. We take this very seriously and have mobilized a team of senior engineers to address the problem. In short, we are adding an SSL layer to secure all communication between our servers and the client software. We've got everybody who can possibly help on this and will get the development and testing jobs completed as soon as humanly possible.

In the meantime, if you wish to play on Cake Poker (or the Cake Network), we encourage you to follow good security practices:

  • Make sure that your computer is secure. Run anti-virus and spyware detection software, don't share your computer's password with anybody else, etc.
  • In terms of network security, the most secure thing you can do is play on a wired network. Plugging your computer into a router or modem with an Ethernet cable is the best defense against your packets being sniffed.
  • If you are on a wireless home, dorm, or other network that is WPA2 protected, that's your next most secure solution.
  • We encourage you not to play on a wireless network which is not password protected. For instance, if the coffee shop around the corner just plugged a wireless router into their cable connection and announced "Free WiFi", you shouldn't be playing on the Cake Network there. It's worth noting, in fact, that you shouldn't be doing anything of financial importance over an unprotected wireless network (poker, banking, etc).

Ultimately, it comes down to a question of degree. No system is 100% secure and each person must weigh the relative convenience of access (e.g. free WiFi at a coffee shop) against the potential security risks.

For our part, we are totally committed to closing this hole in our server-client communication security and it will be our top priority until it's done. We will update you as soon as there is more to say.

Thank you, as always, for your patience and understanding.

Best regards,
Lee Jones

Cake Poker Cardroom Manager

Susan
Publicist
 