Inetbet acting funny

[Sodax77]

Quote:

Originally Posted by Pinababy69

Of course I agree with that Soda, it's gambling. And there are huge amounts of money involved. There are good and bad operators, but bottom line, they are all out to make a buck. It just sounded to me like you are hurt, and you shouldn't be. That's why I posted about the friends thing.

Can you share with us what your original inquiry to Inetbet was? What was it that you were waiting on an answer about? That may clear up some of it. If it was privileged information of some sort, that they couldn't share with you, that could explain alot. It's up to you whether you want to tell us or not.

And yes, I understand what you're saying, for the most part. Swede is right, it can be difficult sometimes when English is not your first language. Maybe this IS nothing more than a misunderstanding? Without more info, I really can't say for sure.

Quote:

----- Forwarded Message ----
From: Y
To: me
Sent: Sunday, April 29, 2007 12:52:12 AM
Subject: X



NO MORE MAILS.



----- Original Message -----
From: Me
To: Y
Sent: Saturday, April 28, 2007 10:16 PM
Subject: X


Hi

Thanks for understandnig, when i helped you, with valid security issues

What was my mistake?! I do not know....

All i heard was:

Dear X,

We were not trying to be rude but we had no idea what the information you were sending us was.

When sending such information you need to clarify why it is being sent and what it is

We will pass this on to the tech team for them to look into

It is not something we deal with here at support

Regards

Brian



...and after i sent details, what you may need. I got your answer:



Dear X
You have been told repeatedly about your attitude.
Who do you think you are.
Publish what you want.
NEVER mail us again and your account is closed. PERMANENTLY.
Alan.
iNetBet Support Team.


Call me Alan xxxxxxxxxxxx
I am not a bad guy,,,, PERIOD

X
_____________________________

www:

http://ginagaming.blogspot.com/
http://theginagaming.blogspot.com/
MSN:X

Original message?!?!

Quote:

Here:

----- Forwarded Message ----
From: ME
To: Them
Sent: Saturday, April 28, 2007 9:34:52 PM
Subject: X


Hi

Ok

https://200.122.168.212/PDEQWQUNPRXKPBVDBAVR/XXXXXXXXX

[datasheet removed - due the security]

it is link from your email what you sent to me

Vista + Internet Explorer gave a red alert!

Sorry can not translate, but here:

Access Denied

Your session has expired
- OR -

You do not have access to view this page.

Please click here to log in again.


------------------------------

https://200.122.168.212/PDEQWQUNPRXKPBVDBAVR/
https://200.122.168.212/PDEQWQUNPRXKPBVDBAVR/

These details was available, when i clicked my username (referring withdrawal question email)

Please confirm that you had all data. Do not FAIL to reply even you do not get it!

And DAMN IT.... why i am even care.. i helped and used my own time 2 hours! ...what u did... drink coffee...

X

Plus many Virus-alert warning! (probably, because expired certificate, etc)

[Pinababy69]

Thanks Soda. Unfortunately, I am out of my league with ANYTHING technical. But my take on it is that you were trying to inform them of a security issue? And your complaint is that they never replied to or resolved the issue....or didn't acknowledge there was an issue? Something like that? Am I close? Sorry, I couldn't be of more help Soda. Maybe Emily could add some clarification or shed some light on this when she gets a chance?

BTW, did you post about this before? Is there another thread that I could read that would help me to understand it better? I just don't think that Inetbet is the type of place that arbitrarily closes accounts unless they "feel" they have a legit reason for doing so. Personally, my own experience, I have never had a problem of any sort there...besides the disconnection thing awhile back, which was common to everyone. Again though, that's just me.

[Sodax77]

Quote:

Originally Posted by Pinababy69

Thanks Soda. Unfortunately, I am out of my league with ANYTHING technical. But my take on it is that you were trying to inform them of a security issue? And your complaint is that they never replied to or resolved the issue....or didn't acknowledge there was an issue? Something like that? Am I close? Sorry, I couldn't be of more help Soda. Maybe Emily could add some clarification or shed some light on this when she gets a chance?

BTW, did you post about this before? Is there another thread that I could read that would help me to understand it better? I just don't think that Inetbet is the type of place that arbitrarily closes accounts unless they "feel" they have a legit reason for doing so. Personally, my own experience, I have never had a problem of any sort there...besides the disconnection thing awhile back, which was common to everyone. Again though, that's just me.

No, this first time, when i publish this. Ironically i am banned, because i said that i will post those screenshots in my blog, if they do not correct those within few months. (screenshots: currently: not available: Never wasn't)
(You may check standards via google - referring Secunia, etc - It is always to GOOD to give a chance to programmer/etc correct mistakes, before, publicity) ...but this was major reason, why Alan BANNED me

But i admit, that this a good casino. Unfortunately i can not recommend iNetBet to everyone.

Remember, almost 1200 emails are positive... and only few may have this kind of critic!

Plus

http://www.casinomeister.com/forums/...hlight=Inetbet ('06)
http://www.casinomeister.com/forums/...hlight=Inetbet ('04)
http://www.casinomeister.com/forums/...tbet#post99459 ('06)
http://www.casinomeister.com/forums/...tbet#post36429 ('04)
Etc, etc

[paul02085]

I dont mean to be rude but i have no clue what this is all about.

[Pinababy69]

Quote:

Originally Posted by paul02085

I dont mean to be rude but i have no clue what this is all about.

I'm pretty lost too Paul, so don't feel bad. I don't really understand the issue, besides the fact that Soda's account has been closed. All I can gather is that he had some "security issue" with the casino, and after that, I don't know.

[Sodax77]

Quote:

Originally Posted by Pinababy69

I'm pretty lost too Paul, so don't feel bad. I don't really understand the issue, besides the fact that Soda's account has been closed. All I can gather is that he had some "security issue" with the casino, and after that, I don't know.

Indeed

The point is: MY ACCOUNT IS CLOSED, BECAUSE I SENT DETAILS TO INETBET,
WHAT WAS THE SECURITY ISSUE.

THIS IS CONFIRMED,
DATABASE WAS OPEN - DATASHEET WAS OPEN

I SAID I WILL PUBLISH THIS ISSUE, IF THEY DO NOT FIX THIS.

REPLY WAS: THEY CLOSED MY ACCOUNT!

IS SECURITY ISSUE STILL EXIST, IS IT POSSIBLE TO LOAD DATASHEET - BASED USERNAME/ETC - ANSWER: YES

Hopefully capital letters helped you understand...

ok, ok... i am F´king pissed... so try to get it...

damn it.. or read my over 650 useless posts

f´king damn it... pardon my france, i mean Finnish

[KasinoKing]

Quote:

Originally Posted by Sodax77

Remember, almost 1200 emails are positive... and only few may have this kind of critic!

I'm a bit confused as well, but I can imagine anyone receiving 1,200 e-mails from 1 person, no matter what the contents, would be likely to get a bit peeved!

Sounds a bit obsessive & certainly excessive to me.

From Soda's posts I think he is saying that a first grade junior computer hacker can access iNetBet's database of all players names, account numbers & other personal details...?
Could be wrong here, but that's my interpretaion...

KK

[vinylweatherman]

Quote:

Originally Posted by KasinoKing

I'm a bit confused as well, but I can imagine anyone receiving 1,200 e-mails from 1 person, no matter what the contents, would be likely to get a bit peeved!

Sounds a bit obsessive & certainly excessive to me.

From Soda's posts I think he is saying that a first grade junior computer hacker can access iNetBet's database of all players names, account numbers & other personal details...?
Could be wrong here, but that's my interpretaion...

KK

You have probably got it in one.

Looks like an incorrect link was sent out to the player, which instead of linking them to their OWN account, linked them through to the casino administration panel

The link posted (without the /XXXXXXX) simply requires the administrator to log in, clearly hackable, since a good deal of the legwork has been done by giving out the route to this page on the server (a sequence of 20 random letters). I presume that, given an appropriate value for the following /XXXXXX, the link will automatically log into the casino admin area.

It seems that sodax is saying that the original link DID INDEED have a value for "/XXXXXXX" that logged straight into the admin area.

When sodax tried to make the support staff aware, they simply assumed this was a threat (blackmail - whatever), and reacted by not cooperating with this attempt to assist, but rather brought on a confrontation. The accusation that sodax was attempting to obtain "personal information", seems to be derived from their view that sodax had actually hacked the server, and had sent the resulting spreadsheet not as evidence of the bug, but as a statement of "threat", such as "do this for me, or this information might be misused.)

I would hope that all administrator username and password details were immediately changed as soon as they were aware of this breach, but they should also ensure that they are sufficiently secure such that a cracking script attached to this page could not grant easy access.

As well as personal details of players, this admin area will probably contain access to the operator "tweaks" to payout tables and slot percentages.

Strictly speaking, the login area should not be shown to an IP outside of the range used by apropriate employees. Most websites would simply show "access denied", rather than allow use of the secure page.
It may be that the admin page is on the same server as the players use to log into their OWN accounts, and thus cannot be blocked by IP.

The fact that sodax originally got in through the link in the E-mail about the withdrawal means this is a pretty serious issue, as the same mistake could well be made in E-mails to other players, they may even just try to log into their player account without really reading the fact this is "administrator", not player, login.

The large number of E-mails exchanged between sodax and support simply ensured this issue was looked upon as "oh no, not again!", rather than being properly addressed. This just ensured sodax got the impression they just did not care about the potential security issue, and just wanted sodax to "go away and forget about it" - sodax could not do this until an assurance had been received that management had checked for, and closed, any security issues.

I rather get the impression this is an RTG problem, not just this one casino, and is how the RTG software comes when supplied. At the very least, the page should have been reallocated such that it could no longer be reached by the original 20 letter coded link.

I expect there are MANY RTG casinos where this happening would be treated with enthusiasm by disaffected players, but fortunately InetBet is not one of them. Disaffected players are probably thinking along the lines of "does this glitch exist at CoolCat".

I had not thought that one of the major brands would allow administrative access over the internet with just the protection of two simple codes (user & password). I get the impression that such functions at brands such as Microgaming are performed locally at the offices of the operators by secure links (I could be wrong, operators please do NOT clarify if this is the case, just check it really is secure!).

It might be an idea to have Bryan look at all these E-mails that lead to this parting of ways, mainly to see how this developed into a mud-slinging match when sodax tried to report this one security concern. (Or was it already a mud-slinging match BEFORE this particular issue became the "last straw" for support).

[Pinababy69]

Thank you Vinyl (and KK). You have described it in terms that even I can understand. I have zero technical knowledge like I said, and Soda I'm sorry that I couldn't grasp your explanation, and just frustrated you further. No harm done.

That is an excellent post VWM, and something that should be looked at further, IMO.

[just play]

I'm surprised iNetbet hasn't commented on this yet.

They are here a lot, and they are here right now actually.