Another Ultimatebet Scandal

**Caruso** · 10 May 2010, 7:52 am

Oh yeah, and at the risk of stating the obvious: they're eCOGRA approved:

https://www.ecogra.org/PressRoom/Pres...a-a647a6138a6c

The result is one of the most tightly constructed online poker softwares in the industry, which has passed the stringent inspection regime of standards and player protection non-profit eCOGRA with flying colours.

Translation:

They stood us an evening of drinks down the pub

**joeyl** · 10 May 2010, 8:20 am

A possibility there were 2 encryption systems. 1 good, 1 not so good. Evidenced by how quick they say they changed things?

If that is true, now you know.

**LuckyLizzy** · 10 May 2010, 8:23 am

This definitely doesn't look good for the network...and I was really rooting for them to have their act together. They should just use the same encryption methods other online poker networks use and they could avoid issues that appear to be or are a scandal.

**thepokerkeep** · 10 May 2010, 8:58 am

Originally Posted by Caruso

The answer is the same as why people gamble online in the first place: they are retards. Without retards, there'd be no industry.

Forget AB / UB: the owners could be molesting children in the next room; their online gambling parents would still happily clickity-click away.

People still patronise UB / AP because they are retards. End of.

Useful info I'd have missed, as apart from the Microgaming scandals I don't follow poker. I'll contribute a write up.

I think a big reason this network continues to attract players is the fact that stories like this one are not being published by the major "poker news" sites.

Then there are the sites and forums that provide glowing reviews but fail to mention the previous scandals. But hey, who cares about **** like superusers, bait and switch bonus offers and security leaks when they accept American players and offer rakeback. The commission is too good to give up. Right?

The result... most players are blissfully unaware of this or past problems with AP/UB. Sadly, I don't see this changing anytime soon.

Thanks for doing your part in getting the news out.

**Caruso** · 10 May 2010, 9:51 am

One for Toddy / Anthony / APCW et al, of course.

**doovde** · 10 May 2010, 5:23 pm

Originally Posted by Caruso

One for Toddy / Anthony / APCW et al, of course.

Yup can't wait to see how that goes down.

I am more than disapoitned to hear this tbh. I jsut added UB to one of my poekr sites for the first time since i dropped them after the previous scandal and now this.

**arkyt** · 10 May 2010, 6:13 pm

So PTR hacked into UB then said, "hey look what we did, you better fix it" ... ?

When will they be off to jail?

Originally Posted by Caruso

Oh yeah, and at the risk of stating the obvious: they're eCOGRA approved:

https://www.ecogra.org/PressRoom/Pres...a-a647a6138a6c

Translation:

They stood us an evening of drinks down the pub.

Imagine that!

Originally Posted by thepokerkeep

I think a big reason this network continues to attract players is the fact that stories like this one are not being published by the major "poker news" sites.

I think the reason they continue to strive is because they pay a handful of highly recognizable pros to advertise their crap. The pros demonstrate zero sense of ethics because they are blinded by all the money in front of their eyes. Industry rule - its all about the money!

**martin b** · 11 May 2010, 8:21 am

i am shore that they are doing their best, the hackers are pretty smart people

**ChipDani** · 11 May 2010, 1:15 pm

Hello Everyone,

I hope all is going well this week.

I completely understand the concern that last week's incident has stirred up but I think that this situation has been taken to the next level, this has been diligently taken care.

Please remember that for someone to have exploited this vulnerability, they would have to have the technical capabilities to crack the encryption/cypher method that we used prior and they would have also had to hack into your local network in order to gain access to sensitive data.

The method we used for encryption/cyphering was outdated. As soon as they reported the issue to us, we immediately began working on solutions. We released a new version of our software the next morning to address the security vulnerability.

Again, we have no reason to believe anyone has exploited this vulnerability but we have just begun investigating users that our players have requested. We are reviewing all serious complaints to see if any player was able to exploit this vulnerability and we will investigate any other serious requests we receive.

We fixed this issue by implementing a more advanced multi-layer encryption, and we have also implemented logic that will prevent any manipulation of this encryption.

We have also started working on a more advanced solution, which is the implementation of the OpenSSL standard for our client encryption. We expect to have this live in a few days.

We have been in communication with 3rd party companies who we will be working with us to test the new encryption that we are using and the OpenSSL version that we are working on now. We are also discussing the possibility of PokerTableRatings (PTR) engaging the poker community and auditing our complete security in order to ensure we are doing everything possible to provide a secure gaming environment.

Kind Regards,
Dani

**dhayman** · 11 May 2010, 3:57 pm

OK, I just caught up from the last few days. Let's cut a little slack here. Cereus has
acknowledged the problem, and has admittedly put immediate resources on it, to rectify
things on a short-term and longer-term basis. Let's give them credit for admitting to the
vulnerability publicly, and being open about it. Certainly, they could have taken a
sweep-it-under-the-rug approach, but they chose to meet this head-on, knowing that there
would be backlash, and I respect that.

If you are going to question this, then let's question everything. I have no clue who PTR
is, and I certainly mean no animosity to be directed towards them, but if we are going
to scrutinize everything, how about looking at them ? Aren't these guys affiliates just
like the rest of us ? Could there be a money angle to their discovery ? Hypothetically,
couldn't they have been paid large sums of money by competing brands to expose this
security vulnerability ? If they are so-called audit experts (perhaps, self-proclaimed), why
didn't they catch the lack of SSL-implementation years ago ? I don't want to get into a
semantics battle again, but surely this could be a counter-scandal, no ? Again, I mean no
disrespect to PTR, because I don't know who they are, but if we are going down the road
of hypothetical conspiracies, this one makes perfect sense to me, and I think this should be
examined as well.

Maybe we can hire auditors who can audit the auditors here ? Maybe I'll start an Auditor's
Auditors company and build a website for it.....surely, I should be able to get a lot of
backlinks for that creation ? Maybe I'll start an affiliate program, for the recruitment
of auditors. Maybe I'll start an Auditers University. Maybe I can get Obama to allocate
some Stimulus money towards it, or tap the EU for some of that Greece Trillion ? Maybe I
can sell my services to American Idol. I can even envision an Auditors Olympics every 4
years. Gosh, the opportunities are endless here. Now I'm really excited ! But, once again,
I am digressing.....

Cereusly, I don't know if it was on this board or another one, but as one astute poster pointed
out, this industry doesn't need any more black eyes. This problem was discovered, and has
and is being addressed. If that's not good enough for you personally, don't play there or
promote the brands - that is certainly your perogative. I, for one, choose to view the glass
as half full here.

Gotta run, Joe Biden is calling....something about filling out some forms to get some
stimulus seed money for my company.........

**thepokerkeep** · 12 May 2010, 4:17 am

dhayman,

It's obvious no one is going to change your opinion. Your mind is made up, you're going to continue to promote AP/UB as the greatest (safest) places to play. So, there's no sense wasting any more time trying to convince you otherwise.

Dani,

Nice try.

Please remember that for someone to have exploited this vulnerability, they would have to have the technical capabilities to crack the encryption/cypher method that we used prior and they would have also had to hack into your local network in order to gain access to sensitive data.

Wrong! The UB server could be hacked from the server side no matter how secure the player makes their own network. Any half assed hacker has the ability to crack the current encryption, that has not yet been fixed and won't be until the SSL encryption is implemented.

Read the posts above and read the threads running on PAL and 2p2 (links above) for more discussion about how easy this hole is to exploit.

.................................................. ........

Here's one more reason why AP/UB should be avoided like the plague. Apparently, they are defaulting on their debt.

It looks like they will be in arrears to the tune of $2,100,000.00 as of May 31, 2010

Do you want to send your players to a room or network that may be bankrupt within a few months?

sources:
Document 1
Document 2

**ChipDani** · 12 May 2010, 10:24 am

Hi Everyone,

Here are some questions that have been answered by our team on the UB blog, please take a look:

https://blog.ultimatebet.com/2010/05/...ked-questions/

Very Best,
Dani

**fastermule poker** · 12 May 2010, 11:23 am

As Eric "Sheets" Haber used to say at the end of his training videos now and then FUB!.

**Caruso** · 19 May 2010, 10:50 am

https://online_casino_news.hundredper...-bet-more.html

Thread: Another Ultimatebet Scandal

LinkBack

Thread Tools

Search Thread

Display

Cereus Security

Cereus Security

The Following User Says Thank You to Caruso For This Useful Post:

Tags for this Thread

Posting Permissions