Originally Posted by NDN:
I think you're being way too dramatic. An extremely small percentage of people would be capable of doing what these guys did (which has since been corrected) and an even smaller percentage of those people would be able to come up with the passwords needed to access accounts.

Not to mention that poker rooms have other safeguards in place to spot intrusion and protect their players.

If you still somehow managed to get past all of that, they would be able to detect you dumping and subsequently requesting a withdrawal (ask any of us who have "dumped" in the past because P2P transfers weren't possible only to have our accounts locked immediately after).

But let's pretend that none of the safeguards worked as they are supposed to and someone managed to get through all of them.

Bovada/Bodog is more than capable of reimbursing you and they would do so immediately in a situation like this.

But wait, what if they didn't? Then you contact myself or Judy and we'll help you get things resolved?

What if we can't do anything? Well, there's plenty more resources that we would then use to get things resolved.

What I'm saying is that you're more than covered should you encounter a problem at any reputable online establishment.

I'd wager that the percentage of people capable of doing what they did and capable of exploiting it is exactly the same - anyone with the capability to create that kind of program will have no problem, for example, orchestrating a dictionary attack in the manner demonstrated in the video.

Obvious chip dumps are obvious, but more sophisticated dumps are completely possible and require a trained security staff to detect - something I would not be comfortable trusting the same security team that violated the first rule of client-server security.

You are completely correct that Bovada would be able to reimburse you for your losses, and that you and Judy are in a position to help us accomplish that goal.

But you miss one of the other big reasons why this security flaw could be bad. We all know I use tracking software to improve my play, track my opponents' play and display statistics regarding their play in order to aid my decision-making process at the table. Many opponents don't like this, and choose to play at anonymous tables in order to avoid it. But if the process to create that anonymity is broken, and I am able to gather the same data and use it in the same way as I did at non-anonymous tables, I now have a truly unfair advantage over my opponent - as I appear anonymous to him but he does not to me, as he cannot purchase the same software that I have in order to level the playing field. And he's duped into a false sense of security because he believes that he is just as anonymous to his opponent as his opponent is to him.

Of course, that is all predicated on there being a security flaw that exposes actual player IDs. From what I can tell the original flaw has been fixed. As an IT professional, I believe the risk is low that one exists so long as Bovada follows the rules of client-server security. But they've failed to do that in the past.