Friday, May 14, 2010

Joe Sebok On Ultimate Bet's (UB) Latest Software Encryption Scare!

Like a sharp boxing counterpuncher, Ultimate Bet's pubic relations frontman Joe Sebok has a right-hook defense every time UltimateBet gets hit with a poker-cheating right hand. Each time there is worry and panic that the site recently victimized by the biggest online poker-cheat scandal of all-time is suspect again, Sebok is there to ward off the blows and assure everyone that there is nothing in fact cheatworthy at UB and all is well. Just last week we heard that the UB encryption software was flawed and vulnerable to cheating, so naturally Sebok is here again to reassure us. Here is what he said on his PokerRoad blog.

Sorry for the delay everyone. It was one of my best friend's bachelor parties and I obviously needed to attend that this past weekend.

It goes without saying that everyone is shocked and concerned, rightfully so, over the most recent UB security issues that have gone down. I have received numerous emails from people asking me how another cheating scandal could have gone on there. This is not true. There has not be another incident of cheating that has been found, but rather a scary security hole that was discovered. This is an email that I received that I wanted to share with you all with some inside information directly from UB:

"I wanted to touch base with all of you as I know there was some concern with this recent encryption issue found on our network.
Please understand we fully see the frustration you have with this type of issue as we do as well. However, I am very confident in stating this was a relatively small issue and one that was remedied quickly. Please remember that for someone to have exploited this vulnerability, they would have to have the technical capabilities to crack the encryption/cypher method that we used prior and they would have also had to hack into your local network in order to gain access to sensitive data. It is possible that a hacker could try to develop a system to intercept communication through the internet but this is even more complicated and we believe it is even less likely than the first scenario described.
The method we used for encryption/cyphering was outdated. As soon as they reported the issue to us, we immediately began working on solutions. We released a new version of our software the next morning to address the security vulnerability.
Again, we have no reason to believe anyone has exploited this vulnerability but we have just begun investigating users that our players have requested. We are reviewing all serious complaints to see if any player was able to exploit this vulnerability and we will investigate any other serious requests we receive.
We fixed this issue by implementing a more advanced multi-layer encryption, and we have also implemented logic that will prevent any manipulation of this encryption.
We have also started working on a more advanced solution, which is the implementation of the OpenSSL standard for our client encryption. We expect to have this live in a few days.
We have been in communication with 3rd party companies who we will be working with us to test the new encryption that we are using and the OpenSSL version that we are working on now. We are also discussing the possibility of PokerTableRatings (PTR) engaging the poker community and auditing our complete security in order to ensure we are doing everything possible to provide a secure gaming environment."

Clearly with the history that UB has had, everyone was incredibly concerned about the situation. It seems that it has been dealt with at this point and it is my hope that ANY members of the poker community get involved and attempt to test the security as they can. I have spoke with CEO Paul Leggett and he has assured me that he welcomes any and all of those members to not only test security but also to go through past records as well regarding other issues that many still feel that haven't been addressed.

I continue to work with the team over there to attempt to make sure that there are open lines of communication between the poker community as a whole and the UB management. I have asked Paul to write a semi-regular blog addressing some of the issues that some of the poker bloggers bring up and he has agreed that that is a good idea and something that we need to do. Whether it is hand-histories, ownership issues, or security ones like the one above, often I am not in a position to directly answer them as I do not work in Costa Rica at the home offices and actually help run the company. I advise, and again, try to serve as a conduit for information to flow through when issues are brought up, but in truth I don't often have the answers. I wasn't with UB when many of the negative issues originally happened and thus don't always know the answers, but I want to be able to put Paul in a position where he can answer them. I am hoping that this will bring more truth into the light and hopefully assuage people's fears.

On the latest issue, Paul has instructed me that he is currently working on a list of FAQ's that UB will be using when they call players as well as posting on the blog. He will be posting that later on in this week.

As always, I can be emailed for any number of issues from anyone in the community. I am continuing to attempt to handle most hand-history related questions, although some are in the queue. I always have some frustration at the time that it takes to get things sorted out, as well as the fact that there are some issues on the UB side with retrieving the data occasionally, I'm usually told that are based in the fact that the Cereus network was began not too long ago and much of that data is held elsewhere. I would like Paul to write a blog explaining the issue there as well...

That's it for now. Talk soon...peace