PTR Exposes Lapse In Cake Poker Network Security
Tuesday, 3. August 2010

This past week, PokerTableRatings.com (PTR) reported that Cake Poker Network had a lapse in its security to the extent that a skilled hacker could easily exploit their software. The lapse in security not only could expose players’ hole cards but allow skilled hacker to gain access to players’ accounts.

PTR compared the Cake Poker Network security breach with a similar one which affected the CEREUS Network with some differences. In the case of both of the networks, the industry standard SSL encryption for all data transfers between the sites and their players was not being utilized. In the case of the Cake Poker Network, an far weaker XOR-based encryption was used which leaves players at far greater risk, in particular those players that utilize a wireless router.

PTR further reported that they performed their tests on two of the most popular member sites of the Cake Poker Network: Cake Poker and DoylesRoom. They believe that the problem was valid for all of the other sites in the network that include OnlyPoker, Gutshot and Unabomber Poker (Phil Laak’s room).

The reported vulnerabilities differed depending upon how the player was connected. The leased amount or vulnerability was reported when players were accessing the network via a wired home connection followed by a moderate amount of vulnerability when players were accessing the network via an unsecured wireless network followed by a severe amount of vulnerability when players were accessing the network via a public unsecured wireless network. That having been said, PTR is quick to confirm that the network has not been compromised, no one has yet exploited the vulnerabilities and no accounts have been affected.

PTR immediately informed Cake Poker of the issues and the Card Room Manager of Cake Poker, Lee Jones, was quick to reply. Jones stated in an email that the Cake Poker Network was committed to addressing the issue and closing the hole in their “server-client communication.” He further suggests that Cake Poker Network players shy away from playing on unsecured wireless networks.

Jones went on to state that the Cake Poker Network has recently undergone some security overhauls that include strengthened encryption. He insists that they are adding an SSL layer to secure all of the communications between their servers and their client software. All of these changes should be instituted as an update for players that log onto the Cake Poker Network.

Visit PokerStars and see for yourself why they are the largest poker room online.