Cereus Network, which houses eminent online poker rooms such as Absolute Poker and UB Poker, both owned by Tokwiro Enterprises, was caught up in a security controversy recently when the encryption methods used by these poker rooms were discovered to be weak. Poker Table Ratings (PTR) showed how easy it was to hack an account at UB or Absolute Poker. PTR also showed that a hacker who simultaneously hacks a player's UB or Absolute Poker account as well as his/her Internet connection will be able to see the player's holecards and use the information to cheat at the gaming tables.
Chief Operating Officer of Towkiro Enterprises, Paul Legget, acknowledged the breach of security and promised to have the issue fixed at the earliest possible. Leggett also expressed his embarrassment that the issue was not discovered by the company's internal staff and said that the company plans to find the best security solution and have third parties to test it to ensure that its customers get the best possible security.
If hackers want to see a UB or Absolute Poker player's holecards and use this information to cheat at the poker tables, they will have to hack the site's encryption as well as the said player's Internet access. Both Cereus Network and PTR however assure that such a situation is very unlikely to occur. They also point out differences between the current security breach and the super user scandal that gave Absolute Poker and UB Poker a lot of unwanted publicity a few years back. While the former is just a technical oversight, the latter was a carefully planned inside job.
Paul Legget, in response to a question from Card Player, said that the client encryption method used for the Cereus game clients was outdated. A new version of the software was immediately released to address the security flaw. Cereus is also working on a better solution involving the implementation of OpenSSL standard in the client encryption, which might go live by the following week. Members of UB Poker and Absolute Poker players who have queries regarding the security of their accounts can email firstname.lastname@example.org or email@example.com.
No comments have been submitted thus far.