Bodog Poker Security Warning

To make another point, anyone who has read casinomeister will know how important it is to read the terms and conditions of any site and stick to them.

For the vast majority of places one of the most important ones is no multiple accounts. Bad and evil players will ignore this and open multiple accounts to try and claim more bonuses and stuff Han they are entitled to. They ignore the t and c and abuse the casinos for their own financial gain. When they get caught on here it is an insta ban and hung out to dry, deservedly so.

What these hhsmithy sites are doing is similar. They completely ignore the sites t and c banning data mining from tables you are not in and using banned 3rd party software and they then use the proceeds, the hand history's, for their own financial gain by sellin them on. Giving other players who use their services an unfair advantage over players who stick to the t and c and don't. This is extremely bad IMO
 
It's not motivation I am questioning, and I am impressed with his work however.

These hand history sites are viewed badly by almost all players from recreational who know about them up to full time pros. The sites all explicitly dissallow them. Note that collecting hands on your opponents by playing against them is fine. However these sites data mining my hands when not playing v me, displaying my results and stats for all to see and offering my opponents the chance to buy hands on me to get an edge is extremely immoral IMO. Everybody wants to see them shut down that I speak to, although anonymous tables is not the way to do it.

My point is as impressed as I was by his hack if this guy is heavily involved in these sites he is ethically and morally far worse than bodog and frankly he can bugger off as far as I'm concerned (if that is the case ofc I am wanting clarification here)

Not according to Bodog. Anonymous tables even prevent this, and in addition they deleted notes without warning to ensure players didn't have a notice period in which to download and save the notes they had made already.

From reading this, in upgrading to anonymous tables, Bodog REMOVED some key anti-cheating measures that were present in the old software. Once again, colluding players can sit together. Problem gamblers can no longer self exclude. For some reason, the CLIENT is given account numbers. WHY? This hack was only possible because the client was furnished with data it simply didn't need, and in terms of security, is WORSE than furnishing the client with screen names.

As for data mining, it is still possible. Bodog have NOT prevented data mining itself, they have tried to make the mined data useless.

One wonders what other former security measures have been removed from the new software, as well as what new exploits have been made possible.

Obviously, a company that trades hand histories is faced with being put out of business if anonymous tables became the norm, and was implemented robustly; so clearly such companies have a vested interest in this "experiment" failing, and anonymous tables becoming a thing of the past.

The poker industry created the problem in the first place by requiring players to use a permanent and trackable screen name across whole networks for "security reasons". Had players been allowed to change screen name at will, it would have been easy for any player to thwart the best efforts of data mining companies to profile them.

The original "security" argument was that in requiring permanent screen names across entire networks was necessary in order to thwart collusion and other forms of cheating. Bodog are now saying this has NEVER been the case, as they are supposedly perfectly capable of preventing collusion internally, even though the tables are anonymous. Maybe there was another reason for poker rooms wanting individual players to be easy to track, profile, etc. It is only loss of business from the "fish" who are fed up of being beaten down by the pros that has forced them to rethink this "security requirement", with one room allowing weekly screen name changes, and others trying anonymous tables.

Data mining companies are not going to go away, they will adapt to the new environment and develop new tools that still offer an edge at anonymous tables, even though individual players can no longer be profiled.

If HHSmithy had completely lacked morals, they would have developed and sold a tool to exploit this flaw, and enable predators to raid Bodog's anonymous tables. Instead, they judged this to be "crossing the line", and exposed the flaw.

Perhaps this exposes part of the bigger picture, poker rooms are incapable of ENFORCING any rules covering prohibited aids to play.
 
Certainly Kyle and his company got some exposure of their skills when they cracked the Bodog software and exposed the holes. I am sure that was part of the motivation of doing it. This is one hell of a good thing to have on a resume when they launch their security company, there is no denying that, but helping out the poker community not get cheated by a company that suddenly became shady was also motivation.

Bodog yelled to anyone that would listen that their software was more secure than ever and above industry standards. To anyone in the field HH Smithy is that was a challenge, especially since the software had so many obvious security issues to even the biggest noob fish. They proved Bodog was lying and being shady on multiple levels. Who cares if that helps their resume. Nobody paid them for their time. Bodog handled it very poorly so now there is no telling what they will do. If Bodog had handled this in any type of mature, professional manner, we would know more about the flaws of their software. Instead they tried to spin it like they are the victim. If you are going to try to make the people that busted all of Bodog's lies to be the bad guy you have been reading too much of CA's blog.

We are talking about a company that thought adding a 1 to the end of the account number was encryption. This same company is still running a software that is easily cheated, buggy, and has been busted multiple times for security issues. Take a neutral point of view here and see who is in the wrong and who is in the right. Sure, nobody makes me or anyone play at Bodog, but the way they have handled themselves puts all of their players at risk. It is no different than a rogue casino, they need to be called out regardless of who is playing there. The worst part is that Bodog has a stable, secure client that they pulled that could easily be put back into service that would resolve all of these issues. Bodog is too stubborn to do that though.
 
From reading this, in upgrading to anonymous tables, Bodog REMOVED some key anti-cheating measures that were present in the old software. Once again, colluding players can sit together. Problem gamblers can no longer self exclude.

Just want to clear some things up. Colluding players can NOT sit together, they are removed from the site and funds are confiscated. In the past Bodog Poker had association rules that banned players for a variety of reasons but their new policies are more sophisticated and while still keeping high risk situations minimized, some players that were banned for reasons that they see as low or no risk have been allowed to play together again. Problem gamblers can and always have been able to self exclude.

Thanks!
Becky
 
Just want to clear some things up. Colluding players can NOT sit together, they are removed from the site and funds are confiscated. In the past Bodog Poker had association rules that banned players for a variety of reasons but their new policies are more sophisticated and while still keeping high risk situations minimized, some players that were banned for reasons that they see as low or no risk have been allowed to play together again. Problem gamblers can and always have been able to self exclude.

Thanks!
Becky

However, players now have to take this on trust, they can no longer detect it themselves through tracking screen names of players they suspect are colluding. Your systems only protect players after you have caught the cheats. Until you have caught cheaters, they can collude, although this was also the case before this change.

With the abilty removed for players to help police the site themselves, they have to put all their trust in Bodog. Unfortunately, revelations about lack of security as demonstrated by HHSmithy's extraction of player's account numbers from the client have dented this trust.

What players want to know is WHY this data has to be sent to the client in the first place given that ALL tables are anonymous, and the client no longer needs data in order to identify players to users. The client should also have no need for this data for internals, as everything important should be done on the server, with the client being nothing more than an interactive graphical interface.

The revelation that players got banned for "no risk" situations in the past is also disturbing, as this is simply an example of unfair treatment, especially if other punishments were meeted out to these players, such as confiscation of funds or suspension of offers. It smacks of a "shotgun" approach to policing in the past, rather than targetting REAL cases of flagrant abuse.


Of course, HHSmithy have a vested intererest in killing off the idea of anonymous tables, which is why they are suggesting that the only credible solution is to revert to the old software.

What they have exposed however, suggests that this change was "rushed", and shortcuts were taken in the hope that hackers would not dig too deeply too early on, giving a chance for the changes to become more popular. This shows a poor understanding of this "dark art", as often hackers do it for the challenge, even before any value has been identified in anything they uncover. This is clearly demonstrated by their website article, "....we saw this as a challenge....." when the Bodog press release said things like "xxxxxxxx can no longer be done, or yyyyyyyyyy will no longer work".

Players may also wonder whether their account numbers were ALWAYS retrievable from the client.

Players who find their Bodog accounts have been hacked after playing poker are going to have a pretty sound claim that it was done through retrieving their account number from the client, and then attacking the login webform, even if this was not the case.

Ultimately players will vote either with their feet, or their bottoms. So far, it seems the feet have it.
 
Interesting development although as Pokerscout says, the revelation that the site could be hacked will not have helped build traffic.

It will be interesting to see how Bodog tries to incentivise players going forward...and whether they continue to stay away from the site.
 
Bodog is a pretty small player in the market with under 1000 cash players over a 7 day average. There are only a couple of thousand players affected by this move, a fraction of the overall numbers playing poker online. Would it really matter that much if Bodog quit offering poker altogether. With so little to lose, perhaps they thought they had everything to gain by being the first to offer ONLY anonymous tables. If they can convince 1000 NEW players to join because of this, losing much of their current player base isn't going to matter.

They should concentrate on resolving the security concerns, and presenting not only anonymous tables, but an "uncrackable" room for those with the abilities to design new advantage tools, such as datamining based on account numbers lifted from the client.
 
You do not have permission to view link Log in or register now.


Bodog to reveal all hole cards upon request. The article does not give details on how it will be done though. If done right, this may bring some peace of mind to people. Identifiers will need to be removed from the software and the hand histories will need to be delayed a substantial amount of time, like 1 day, for it to be effective. Otherwise it will just let you soul read players.
 
You do not have permission to view link Log in or register now.


and as the largest gaming-industry news site, we have a responsibility to callout those we believe are hurting the industry we love.

Here is more silliness from Bodog. Calling themselves a news site to begin with is debatable, but to call themselves the largest?

Also, does Bodog not realize that anyone with 30 minutes to an hour to kill could count the traffic on their poker room? I respect their right to keep that info private but it leaves one to wonder what they are trying to hide and their accusations are quite ridiculous.

Note the image as well...
 
Last edited:
just a note /thought , it seams to me that game providers insert a paragraph in there license rules that there soft ware ,game client is strictly forbiden to be tamperd with including the archatectcher
codes etc [on and on ]

so are we supporting a software pirate in Smitty , and if so how can this make it right

i do miss the avatars and names at the tables and wish there is a way to bring them back safely

while blocking data miners , seams to me that data mining is a breach of the license terms

please correct me on the leagle side of gathering this data

i play without a poker suite , R C
 
You can look at it two ways with how the software was exposed. HH Smithy knew the software could be cracked and knew Bodog was lying about it. They then proved it could be cracked. This is a part of online poker check and balances. The other side is that nobody should try to prove honesty and integrity in the online poker industry as the rooms should be blindly trusted. It has been proven many times that the operators need to be watched though. If nobody ever challenged the rooms and suspicious software, we never would have discovered the AP/UB scandals.

As for datamining, I agree that it should not be allowed and enforced. It seems the poker rooms are not very vigilant about it. As much crap as I have given Bodog for their behavior and security issues, I believe they are looking in the right direction to stop that. There are more secure ways of doing it though.

It is their business and I respect that they will run it as they wish. The main problem I have is they have not done it securely and were not honest about it. Hopefully they have or will get their act together.
 
You do not have permission to view link Log in or register now.




Here is more silliness from Bodog. Calling themselves a news site to begin with is debatable, but to call themselves the largest?

Also, does Bodog not realize that anyone with 30 minutes to an hour to kill could count the traffic on their poker room? I respect their right to keep that info private but it leaves one to wonder what they are trying to hide and their accusations are quite ridiculous.

Note the image as well...

These "kill the messenger" and clearly biased attacks always make me feel uncomfortable around "news" sites and for that matter companies.

For me, the bottom line beneath all the bluster and spin is that Bodog have made adjustments and hopefully improvements to their security, and are to make card histories available to players next year. Would they have done that without the impetus of HHSmithy's expose?

I've been left with the perception that more thought and tighter quality control could have been devoted to the changes at Bodog Poker, which may have avoided having to resort to spin on the issue at this point.

So I'm with PA here - checks and balances are a good thing, and imo a sensible operator should embrace constructive and genuine exposures rather than ridcule and defame the exposers.

I feel the same about these increasingly vicious attacks on Pokerscout for continuing to publish stats on Bodog Poker - not nice to see from a professional company that could, assuming it has a strong enough case, take the matter to litigation instead of publicly bad-mouthing the publisher in heavily slanted media articles.
 

Users who are viewing this thread

Meister Ratings

Back
Top