Friday, May 21, 2010

Should CEREUS Security Holes Terrify Online Poker Players Afraid of Being Cheated?

According to this artice on, you online poker players better be shittin' in your pants!


Recent revelations regarding security flaws at the CEREUS Poker Network should give online poker players ample motivation to lobby all rooms for thorough and transparent security audits.

CEREUS, a top-ten poker network anchored by the Absolute Poker and UB (formerly Ultimate Bet) poker rooms, came under fire last week when independent testing revealed that a lack of SSL encryption on critical player data could potentially allow hackers to gain access to player's accounts and view their hole cards in real-time.

The scandal had a special resonance for online poker players, as both rooms have been the subject of controversy in the past regarding security - or a lack thereof. UB and AP were each embroiled in wide-reaching cheating scandals that rocked the poker community, involving hundreds of players and millions of dollars.

While no players have as of yet reported being impacted by the latest vulnerability, it's still shocking that a company fresh off of dealing with one major security issue could fumble another so badly. CEREUS reacted fairly quickly to the revelation, but an initial patch that claimed to close the hole was proven ineffective, and a final implementation of SSL encryption took well over a week from the original report.

At the time of this report, the reported flaw had been fully corrected, with extensive tests confirming that the new encryption employed by CEREUS provided players with a suitable level of security. That said, all players should take this story as a cautionary one, and aggressively lobby the poker room of their choice to conduct comprehensive, publicly available audits of their security processes to ensure that terrifying oversights such as this occur with lower frequency (if not at all).