In his blog on PokerRoad.com Tuesday, Team UB pro Joe Sebok addressed the recent security problems involving CEREUS Network sites UB.com and Absolute Poker. Players waited anxiously to hear from anyone associated with the two sites and Sebok responded with his take on the reports that outraged the poker community last week.
“It goes without saying that everyone is shocked and concerned, rightfully so, over the most recent UB security issues that have gone down,” Sebok wrote. “I have received numerous emails from people asking me how another cheating scandal could have gone on there. This is not true. There has not been another incident of cheating that has been found, but rather a scary security hole that was discovered.”
The security issues Sebok referred to the concern that the CEREUS Network’s custom form of encoding was found to be extremely vulnerable. According to PokerTableRatings.com, which was able to crack the CEREUS N’s encryption method, the security leak could have allowed hole cards of other players to be viewed. While most industry leaders use the standard SSL protocol for all network transmissions, CEREUS’ custom encryption made it particularly simple to decrypt network data.
Sebok shared an e-mail he received from the management at UB.com that said the incident was a “relatively small issue and one that was remedied quickly.” But even Sebok relayed his worries regarding the alarming news: “Clearly with the history that UB has had, everyone was incredibly concerned about the situation. It seems that it has been dealt with at this point and it is my hope that ANY members of the poker community get involved and attempt to test the security as they can. I have spoke with (UB parent company Tokwiro Enterprises) CEO Paul Leggett and he has assured me that he welcomes any and all of those members to not only test security but also to go through past records as well regarding other issues that many still feel that haven’t been addressed.”
UB.com also addressed the security issued in a Q&A blog posted on Tuesday: “SSL technology is currently being used for encrypting certain data, such as player login credentials and all cashier information. However, the client-server communication that occurs during game play was developed using a proprietary encryption method. We are frankly embarrassed that the SSL standard was not used in this data exchange. We are very disappointed with our software development company and internal QA testing. We fully acknowledge that the blame falls on us.”
When asked about the site’s current security, UB.com claimed it immediately began implementing an improved method for encrypting data after it learned of the weakness. “We released the new and improved method in less than 24 hours after learning about the vulnerability. We consulted a team of hackers in order to help us develop this solution, which includes complicated random keys in combination with MD5 encryption.” The entire Q&A can be found at blog.ultimatebet.com.
Sebok, meanwhile, continues to act as a middle man between the poker community and the management team at UB while the security flaws are being attended to. “I have asked Paul (Leggett) to write a semi-regular blog addressing some of the issues that some of the poker bloggers bring up and he has agreed that that is a good idea and something that we need to do,” Sebok explained. “Whether it is hand-histories, ownership issues, or security ones like the one above, often I am not in a position to directly answer them as I do not work in Costa Rica at the home offices and actually help run the company. I advise, and again, try to serve as a conduit for information to flow through when issues are brought up, but in truth I don’t often have the answers.”