Ukash

[klinkman]

I think you're being way too dramatic. An extremely small percentage of people would be capable of doing what these guys did (which has since been corrected) and an even smaller percentage of those people would be able to come up with the passwords needed to access accounts.

Not to mention that poker rooms have other safeguards in place to spot intrusion and protect their players.

If you still somehow managed to get past all of that, they would be able to detect you dumping and subsequently requesting a withdrawal (ask any of us who have "dumped" in the past because P2P transfers weren't possible only to have our accounts locked immediately after).

But lets pretend that none of the safeguards worked as they are supposed to and someone managed to get through all of them.

Bovada/Bodog is more than capable of reimbursing you and they would do so immediately in a situation like this.

But wait, what if they didn't? Then you contact myself or Judy and we'll help you get things resolved?

What if we can't do anything? Well, there's plenty more resources that we would then use to get things resolved.

What I'm saying is that you're more than covered should you encounter a problem at any reputable online establishment.

I'd wager that the percentage of people capable of doing what they did and capable of exploiting it is exactly the same-anyone with the capability to create that kind of program will have no problem, for example, orchestrating a dictionary attack in the manner demonstrated in the video.

Obvious chip dumps are obvious, but more sophisticated dumps are completely possible and require a trained security staff to detect-something I would not be comfortable trusting the same security team the violated the first rule of client-server security.

You are completely correct that bovada would be able to reimburse you for your losses, and that you and Judy are in a position to help us accomplish that goal.

But you miss one of the other big reasons why this security flaw could be bad. We all know I use tracking software to improve my play, track my opponents play and display statistics regarding their play in order to aid my decision making process at the table. Many opponents don't like this, and choose to play at anonymous tables in order to avoid it. But if the process to create that anonymity is broken, and I am able to gather the same data and use it in the same way as I did at non-anonymous tables, I now have a truly unfair advantage over my opponent-as I appear anonymous to him but he does not to me, as he cannot purchase the same software that I have in order to level the playing field. And he's duped into a false sense of security because he believes that he is just as anonymous to his opponent as his opponent is to him.

Of course, that is all predicated on there being a security flaw that exposes actual player ID's. From what I can tell the original flaw has been fixed. As an IT professional, I believe the risk is low that one exists so long as bovada follows the rules of client-server security. But they've failed to do that in the past.

[NDN]

Obvious chip dumps are obvious, but more sophisticated dumps are completely possible and require a trained security staff to detect-something I would not be comfortable trusting the same security team the violated the first rule of client-server security.

I have never seen an issue where unauthorized access to a poker account resulted in the permanent loss of money for the victimized player.

But you miss one of the other big reasons why this security flaw could be bad. We all know I use tracking software to improve my play, track my opponents play and display statistics regarding their play in order to aid my decision making process at the table. Many opponents don't like this, and choose to play at anonymous tables in order to avoid it. But if the process to create that anonymity is broken, and I am able to gather the same data and use it in the same way as I did at non-anonymous tables, I now have a truly unfair advantage over my opponent-as I appear anonymous to him but he does not to me, as he cannot purchase the same software that I have in order to level the playing field. And he's duped into a false sense of security because he believes that he is just as anonymous to his opponent as his opponent is to him.

Based on the article and accompanying video that you had posted, I still see zero cause for concern.

Wouldn't a person need to manually check each table to locate a "known" player and/or develop a program that would do that for them? If they have those kinds of capabilities, surely there are more lucrative ways in which to use their talents. And wouldn't they still have to be an extremely skilled poker player to even attempt to locate you and then subsequently win money from you at a poker table?

Not to mention, why would anyone go through all of the trouble when they can play at several online poker rooms that do not have anonymous tables?

Quite frankly, if Bodog/Bovada advertised their games as "somewhat anonymous except to those with advanced computer skills who use their talents to identify you and suck you dry" or something like that, I would still play there without hesitation.

[klinkman]

You are correct, someone with the capability to develop such a program would likely have more lucrative ways to use that talent. But selling such a program might just be that lucrative. Poker Edge HUD proves to me that there is a market for programs that circumvent a site's Terms and Conditions and give an unfair advantage to players willing to break them

For those who aren't familiar, Poker Edge is a program that screen scrapes as you play to get hand data, then uploads it to a shared database of all hands played by all users of the program, then downloads statistics on the players at your table based on the entire shared database of hands. This type of data mining is prohibited by every site's ToS, but as it is one of the only ways to use a HUD on Cake Poker, many of the grinders break the terms in order to use it.

Cake does now allow HUDs to be used on a per table basis, I have no idea what impact this has on the use of Poker Edge at cake.

[NDN]

I just don't see the evidence that a single player at Bovoda/Bodog has an unfair advantage over any other player.