Page 3 of 3 FirstFirst 123
Results 41 to 46 of 46

Thread: Poker Mavens software hacked to allow superusing for shady operators

  1. #41
    Quote Originally Posted by nolawojy View Post
    All of this technical jargon is 75% over my head but is it possible for this to happen on a site like nitrogen with the provably fair stuff? I'm assuming this also works with games with more than 2 hole cards (Omaha etc)?
    Cryptographic hashing can be used to prove your RNG/shuffling algorithms are provably fair. This is fine for player vs house games like dice and blackjack but it doesn't do anything about superusers in poker where the house leaked hole cards of other players to them. There is a technique called "mental poker" where every player's client module participates in the deck shuffle with encryption such that the house doesn't know the cards. But it falls apart if any player disconnects (accidentally or on purpose) and doesn't protect against a corrupted client that leaks your decrypted hole cards.

  2. #42
    Owner Dan Druff's Avatar
    Reputation
    5046
    Join Date
    Mar 2012
    Posts
    35,704
    Blog Entries
    2
    Johnaudi will be on PFA Radio tonight.

    Should be an interesting interview. Will happen at around 10:30pm PST.

  3. #43
    Owner Dan Druff's Avatar
    Reputation
    5046
    Join Date
    Mar 2012
    Posts
    35,704
    Blog Entries
    2
    https://pokerfraudalert.com/forum/sh...ese-Connection

    John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.

  4. #44
    Quote Originally Posted by Dan Druff View Post
    John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.
    FYI, I did release an update (6.15) yesterday that will stop the simple resource edit that was discussed above where the javascript client gets patched. That code is compiled directly into the server's executable. Of course it doesn't do anything about previous versions and a site operator with evil intentions is likely not going to upgrade his copy. And it's not going to stop more sophisticated hacks that could modify the machine code and blank out the code integrity check.

     
    Comments
      
      shoeshine box: i would buy a car from him.

  5. #45
    Platinum ftpjesus's Avatar
    Reputation
    337
    Join Date
    Mar 2012
    Location
    Mesa AZ
    Posts
    2,535
    Quote Originally Posted by Dan Druff View Post
    https://pokerfraudalert.com/forum/sh...ese-Connection

    John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.
    I listened to most of the interview but was admittedly falling asleep towards the end but based on what Audi said I think theres a lot less to worry about then we thought.. I don't know if Kent is aware of what all Audi said but this hack was developed using the PM Demo and unless I misunderstood it would have to be redone for each version to even be useable and I guarantee doing so for Gold isn't the same as what had to be done to reverse engineer the demo 500 hand limit software version.. Also it would appear also that for the hack to remain effective it would probably have to redone every time Kent updated the software so if a site is running the newest version it would be pretty likely the site isn't cheating its users.. I could be wrong maybe I missed something towards the end of the interview..
    <This Ad Space for Rent or Sale>

  6. #46
    Platinum ftpjesus's Avatar
    Reputation
    337
    Join Date
    Mar 2012
    Location
    Mesa AZ
    Posts
    2,535
    Quote Originally Posted by KBriggs View Post
    Quote Originally Posted by Dan Druff View Post
    John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.
    FYI, I did release an update (6.15) yesterday that will stop the simple resource edit that was discussed above where the javascript client gets patched. That code is compiled directly into the server's executable. Of course it doesn't do anything about previous versions and a site operator with evil intentions is likely not going to upgrade his copy. And it's not going to stop more sophisticated hacks that could modify the machine code and blank out the code integrity check.
    Based on the interview I don't think you have much to worry about Kent it seemed based on what I heard that it would require the hack to be patched as well Im guessing probably everytime PM is updated which would be an onerous process probably.. Again I think if a site keeps its software updated it should instill a sense of trust especially since the hacker even said PM is more secure then some other bigger names out there..
    <This Ad Space for Rent or Sale>

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Worst online poker software ever?
    By Dan Druff in forum Poker Community Discussion
    Replies: 29
    Last Post: 05-30-2019, 11:52 AM
  2. How We Learned to Cheat at Online Poker: A Study in Software Security
    By mulva in forum Poker Community Discussion
    Replies: 3
    Last Post: 08-09-2017, 06:32 PM
  3. Replies: 10
    Last Post: 12-11-2016, 07:02 PM
  4. clickngamble.com poker software
    By jfava16 in forum Scams, Scandals, and Shadiness
    Replies: 0
    Last Post: 08-06-2014, 07:14 PM
  5. LVH opens poker room with UB shady fuck as manager
    By ftpjesus in forum Flying Stupidity
    Replies: 1
    Last Post: 07-13-2013, 01:36 AM