On Friday, CEREUS Network developers rolled out OpenSSL encryption for Absolute Poker and UB.com. Tokwiro Chief Operating Officer Paul Leggett announced on UB.com’s blog, “We have done thorough testing on the release and everything is working as it was designed. We are now engaging several third parties to test the new Client-Server encryption.”
Shortly thereafter, officials from PokerTableRatings.com, which first reported on the encryption vulnerabilities in CEREUS’ custom-made XOR system, reported that the new system could also be hacked. PokerTableRatings.com staff wrote in an update that appeared on the site, “The update seems to use OpenSSL only for player actions such as hole cards, bets, etc. – we have already been able to hijack a test poker account using the exact same methods. More to follow.” PokerTableRatings.com had issued three updates at the time of writing.
In its third update on Friday, PokerTableRatings.com testers revealed that CEREUS staff had responded back about the newfound vulnerabilities. An e-mail from CEREUS to PokerTableRatings.com read, “Thanks for getting back to me and bringing this to my attention. Our developers are working on resolving this issue right now and will follow up with a second update later today that will fix this.” Hole card data seemed to be secure using the new OpenSSL encryption. However, according to CEREUS, “one more piece of data” still needed to be converted.
The online poker forums were buzzing about Friday’s developments. Consequently, many players had shied away from the CEREUS Network for fear of being hijacked over a wireless network until the online poker rooms’ OpenSSL encryption was fully functional. CEREUS’ traffic fell from the sixth highest worldwide to ninth this week according to PokerScout.com, undoubtedly in part due to the negative press. PokerScout.com updates its rankings data every Monday.
Over the first 13 days of May, real money ring game traffic on the CEREUS Network peaked at an average of 3,160 players. During the same period in April, the number was 3,514, meaning that cash game traffic has dropped by about 10%. Leggett stated that any nagging issues with the OpenSSL encryption should be remedied by the end of the day on Friday, just in time for the CEREUS Network’s big money tournaments over the weekend.
In a podcast released on Tuesday, officials from PokerTableRatings.com shared their take on CEREUS’ response to the flaws: “It seems like they’re taking it pretty seriously. They’re putting in the OpenSSL library this Friday. Furthermore, they have asked us to look into their operations and tell players that they’re secure.”
At the time of writing, which is around 5:00pm ET on Friday, a total of 15,000 players are logged into the CEREUS Network battling it out on its virtual felts. TwoPlusTwo poster “100_Racks” observed, “There are 15,000 players online right now. There are usually around 20,000 to 21,000 around this time… Definitely seeing a drop-off.”
According to PokerScout.com, the CEREUS Network boasts a seven-day running average of 1,920 real money ring game players, putting its traffic on par with that found on the Microgaming Network. UB.com and Absolute Poker happily accept players from the United States.
PokerTableRatings.com advised readers to stop playing on the CEREUS Network until the family of sites was deemed secure. Otherwise, PokerTableRatings.com officials recommended that players plug directly into their modem so as to avoid exposure over a wireless network. The site added, “If a wired network is not an option, the player should make absolutely sure their network is encrypted using WPA2 encryption.”
Stay tuned to Poker News Daily for the latest developments from the CEREUS Network.
