rockycatt

meistercatt
Joined
Oct 26, 2008
Location
Boston
there is also a great number of cheaters on cell phones and skype and thats even more rude

this should block them as well , thats what ftp was trying to do with that latest raped table exchange poker
format they last instituted i forget the name of it now but that was there intention along with speeding up rake

PS it was named RUSH POKER
 

pokeraddict

Webmaster
Joined
Aug 3, 2002
Location
Las Vegas
It turns out Bodog's anonymous tables can be hacked like the Party Poker ones:

You do not have permission to view link Log in or register now.


So let's review - Bodog removes usernames to make the tables more fish friendly, then one of the major datamining services cracks it is just a few days. Let's add this to the no longer honoring problem gambler exclusions, the complete lack of security the new Bodog software offers and .... well I will not continue, we all know.

Also, this website makes some great points about how trusting a KGC poker room is a ridiculous thought:

Link Removed ( Old/Invalid)

While I believe the sports book is still legit, I think the poker offering is not a secure site and should no longer be considered a legitimate poker room. They did not even bother to remove the usernames from the Bodog server and it got cracked in 3 days. What other security issues are there with this software that was touted as so secure that players need not worry about catching collusion and cheating because Bodog is on top of it?

I encourage Casinomeister to rethink the accredited status of Bodog.
 

maxd

Complaints (PAB) Manager
Staff member
Joined
Jan 20, 2004
Location
Saltirelandia
I encourage Casinomeister to rethink the accredited status of Bodog.

Just a friendly reminder, if you want Bryan to see something like this ASAP do use the "Report Post" feature to bring it to his attention:

Attach Removed (Old not found)
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
Blimey!!

EDIT

In the long term, I expect the pro players will STILL fleece the "fish", and will even find new tools to help them.

Replace with....


In a matter of days, I expect the pro players will STILL fleece the "fish", through the use of new tools developed by those companies who's current tools have been rendered valueless, yet who are not prepared to shut up shop and go away.


I was thinking more along the lines of a new statistical model having to be developed to make sense of the anonymous records, as the current method requires individual players to be identified to the hand histories.

I had assumed that since screen names no longer formed part of the software, there would be no need to unnecessarily send this data to the client as it would clog up bandwidth.

It now looks like the software was merely "patched", rather than being rebuilt, so it could contain many other holes. It was poorly coded software that opened the exploits to the insiders at AP and UB.

Now, the "sharks" have an even BIGGER edge than before at Party Poker at least, because not only can they track down the "fish" as before, they can do so whilst those "fish" have dropped their guard because they believe they have been granted anonymity, and that if they get fleeced, it is all down to luck of the "shark" bumping into them.

It also seems that data mining still works as before, when we were told that the point of this move was to render such unfair tools useless to their users, and thus level the playing field.

We only found out this so fast because the data mining company decided to spill the beans. They could just as easily have kept quiet about this exploit, and developed it into a new tool for the "sharks", been vague as to exactly how it works, but sell it by convincing users that it DID work, and was well worth buying. Even if it came to light, many would have dismissed it as a scam on the part of the developer, and considered it in the same light as those that peddle "roulette systems" that can supposedly give the player an edge on a random game.

The article suggests that this exploit could have been around for far longer, but being sold on the black market for use at Party Poker and Microgaming networks.

If it turns out it WAS being used by players on these networks undetected by said networks, then can we really rely on the assurances from Bodog that they have in place the necessary procedures that would allow them to spot any such new tools appearing in their room, and put a stop to them.

Reading an active process list is no good, as it only detects known tools. Something completely new just wouldn't ring alarm bells. Even existing tools could be hidden from such detection, easily done by anyone with some programming knowledge, especially where they build the "exe" locally from source code and generic libraries.
 

rockycatt

meistercatt
Joined
Oct 26, 2008
Location
Boston
if there really is any holes in bodogs latest attempt to block cheats then this is a good article it will give them more of what they need to go in the directin that there traveling to rid the poker rooms of PC farms , skype cheats as well as cell phone cheats and data miners
 

pokeraddict

Webmaster
Joined
Aug 3, 2002
Location
Las Vegas

This is what took 3 days to hack. Now all player's account numbers are exposed for the potential of hacking individual accounts plus the entire point of anonymous tables has been shown to now only favor people who datamine with companies like this one. If this hack was so easy, what about all of the other issues that have come with this "upgrade"? How long until even more security issues are exposed? I beg anyone that is promoting Bodog to immediately stop, at least until they fix this major security issue or really, go back to the old software.

I think this could qualify Bodog for the biggest blunder of the year. Bodog claimed this made everything more secure and we should 100% trust their security department meaning there is no reason for 3rd party oversight. According to them, all of the players screaming about the potential security issues were wrong. Obviously we were right and until Bodog reverts back to the old software they cannot be considered a secure place to play online poker.
 
Last edited by a moderator:

BodogBecky

Dormant account
Joined
Jul 28, 2009
Location
Boston, MA
It appears that Bodog's new software ignores casino self exclusions as well. The CS reply shows that the issue will not be resolved and tells the player not to click the icon if they do not want the casino games:

You do not have permission to view link Log in or register now.


This puts Bodog in conflict with being considered an accredited casino:



https://www.casinomeister.com/accredited-casinos/

Just wanted to confirm that the Bodog Network team is going to fix this asap!

Becky
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
You do not have permission to view link Log in or register now.


There is the dataminer's full explanation of what has happened here.

Even though this was discovered almost 24 hours ago the software is still operating and Bodog has said nothing. We know they are reading these forums...

I see, screen names are gone, but what is happening is that each client is being sent the Bodog ACCOUNT NUMBERS of every other player at "your" table. This is WORSE than others being able to see your screen name, as the account number is one of the secure fields used to log in to an account. It would be like casinos displaying my account number on the scoreboard of things like MPV tournaments. I have to admit, some MGS casinos actually DO this when they set up the alias for you, but mostly it seems to be naive players choosing their account numbers as their alias.

The account number issue here would seem to render all PAST data mining worthless, as it is based on screen names, but unbeknown to players, a fresh start could be made by tracking based on these account numbers.

Bodog are also accused of lying in their "spin" by indicating that this kind of hack could not even happen because the "data is not even sent to the client" and so it could never be intercepted.

It was easily spotted that these numbers were account numbers with the digit "1" added to the end by their programmer sitting down at the table, and comparing his own anonymised ID against his login, revealing the formula used by Bodog.

They finish off by arguing that the end result is WORSE than before, because the victims of the pro players have been lulled into a false sense of security, whereas before they KNEW they could be identified by their screen name, and tracked, even if they were unaware of how it was done, and by whom, or how much of an advantage it gave the pro players.

It seems the "party cracker" has been around for a while, so players there have been falsely believing they were completely anonymous to the "sharks", when in fact they were often "easy prey".

It seems odd that this company have decided to blow the whistle, rather than develop and sell "Bodog cracker" for profit, even though data mining poker hand histories is their business, and anything that stops this could drive them out of business. It seems THEY are "up to something" too, and have decided to sacrifice a potential "Bodog cracker" money making venture in order to gain some moral high ground that they probably hope will give them an even better opportunity later on.

It could be that they are trying to pressure Bodog into a rollback to the old software, and kill the idea among other poker sites that anonymous tables is a bad move. Their motive for this would be obvious, their old tools are no longer at risk of becoming obsolete, and this preserves the value of work they have already undertaken, and are profiting from.


It does not matter whether it is an account number or some other fixed numerical identifier that Bodog sends to the client, but hides from the "recreational user". ANY numerical value that is "hard wired" to a particular player can be used for datamining and player tracking, this value needs to stay on the server, and if the client needs something, it should be a disposable ID, a bit like the "one time only" credit card numbers generated by desktop virtual payment cards like Net+. This would ONLY be tied to a particular player for that one game at the one table, but could NOT be used to track and profile their playing style over a period of time at a number of different tables. I thought this was what Bodog had done to start with, and why a new statistical approach would be needed in order to develop a new set of tools for the pro player.
 

pokeraddict

Webmaster
Joined
Aug 3, 2002
Location
Las Vegas
Still nothing from Bodog except banning the accounts of people that discovered this security violation. Instead of accepting the fact they have some serious security issues and swallowing their pride, they ban the person that did their IT and developer's job for them for free. That is an interesting solution to getting caught with software that needs to be destroyed.

While this does not rank up there with insider cheating scandals or MG skin implosions, this is still a tier 2 scandal. Does Bodog think this is going to go away?
 

vinylweatherman

You type well loads
Joined
Oct 14, 2004
Location
United Kingdom
Still nothing from Bodog except banning the accounts of people that discovered this security violation. Instead of accepting the fact they have some serious security issues and swallowing their pride, they ban the person that did their IT and developer's job for them for free. That is an interesting solution to getting caught with software that needs to be destroyed.

While this does not rank up there with insider cheating scandals or MG skin implosions, this is still a tier 2 scandal. Does Bodog think this is going to go away?

A cover up in progress. This will ensure that others who have found this glitch and others will KEEP QUIET rather than blow the whistle and risk having their account banned. It will also stop anyone with the skills to investigate further from being open about it.

It is too late, the glitch is in the public domain, along with how to exploit it. There are bound to be players who will now start trying to use it to gain an advantage, and even other tool developers that will try to sell exploit tools on the black market.

Having buried the issue, the recreational players will again be lulled into a false sense of security, believing the glitch had been "dealt with", and could no longer be used. The players using it will be able to do so in the knowledge that Bodog officially deny such a glitch even exists any longer, and their victims believe this to be true.

If an account number is a critical piece of information needed to hack an account, there will be a rise in complaints from players who believe their Bodog accounts have been hacked, even though they have kept this information secure at their end as responsible players.
 

pokeraddict

Webmaster
Joined
Aug 3, 2002
Location
Las Vegas
The latest from HH Smithy. Bodog has had two full business days to respond to this and fix it (which appears to be impossible with their software) or go back to the previous version. They are usually very vocal about everything. Now that it has been shown that they are not running a secure online poker room they disappear.

 
Last edited by a moderator:

pokeraddict

Webmaster
Joined
Aug 3, 2002
Location
Las Vegas
You do not have permission to view link Log in or register now.


So their software gets cracked in what is claimed to be 3 hours. Instead of swallowing their pride and admitting their experiment failed, they take cheap shots at the person that brought it public even though it was done for no monetary gain, only as a challenge and to prove Bodog was wrong.
 

jetset

RIP Brian
Joined
Feb 22, 2001
Location
Earth
It took them two days to come up with this spin and damage control:rolleyes:?

On something as serious as a weak privacy element?

"The talents of the online poker community have been enormously helpful in testing the new software we have released. Obviously, any release has its teething problems and equally obviously we take any fault very seriously & we have released an update we are confident have addressed the most pressing issues.

"The input of poker players and software professionals since our launch has helped us make our system more robust and highlight how strong the poker community is."

Attacking Boddy could be described as a bit of Ayre bluster, and therefore not untypical, I think.

But on the positive side they have certainly got the message about the privacy flaw in their software...and that not everyone is over the moon about their new policy.
 

threescatters

Dormant account
PABnonaccred
Joined
Dec 15, 2009
Location
UK
I have just read that everyone who used to be prevented from sitting together at a table (due to being caught for colluding in the past), can now sit together again - how bad is that!?!!
 

rockycatt

meistercatt
Joined
Oct 26, 2008
Location
Boston
I have just read that everyone who used to be prevented from sitting together at a table (due to being caught for colluding in the past), can now sit together again - how bad is that!?!!

hm mm is there a link to that story about cheaters and coulers why dident they just ban them ??
 
Top