Page 3 of 3 FirstFirst 123
Results 41 to 47 of 47

Thread: Poker Mavens software hacked to allow superusing for shady operators

  1. #41
    Quote Originally Posted by nolawojy View Post
    All of this technical jargon is 75% over my head but is it possible for this to happen on a site like nitrogen with the provably fair stuff? I'm assuming this also works with games with more than 2 hole cards (Omaha etc)?
    Cryptographic hashing can be used to prove your RNG/shuffling algorithms are provably fair. This is fine for player vs house games like dice and blackjack but it doesn't do anything about superusers in poker where the house leaked hole cards of other players to them. There is a technique called "mental poker" where every player's client module participates in the deck shuffle with encryption such that the house doesn't know the cards. But it falls apart if any player disconnects (accidentally or on purpose) and doesn't protect against a corrupted client that leaks your decrypted hole cards.

  2. #42
    Owner Dan Druff's Avatar
    Reputation
    7103
    Join Date
    Mar 2012
    Posts
    44,552
    Blog Entries
    2
    Johnaudi will be on PFA Radio tonight.

    Should be an interesting interview. Will happen at around 10:30pm PST.

  3. #43
    Owner Dan Druff's Avatar
    Reputation
    7103
    Join Date
    Mar 2012
    Posts
    44,552
    Blog Entries
    2
    https://pokerfraudalert.com/forum/sh...ese-Connection

    John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.

  4. #44
    Quote Originally Posted by Dan Druff View Post
    John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.
    FYI, I did release an update (6.15) yesterday that will stop the simple resource edit that was discussed above where the javascript client gets patched. That code is compiled directly into the server's executable. Of course it doesn't do anything about previous versions and a site operator with evil intentions is likely not going to upgrade his copy. And it's not going to stop more sophisticated hacks that could modify the machine code and blank out the code integrity check.

     
    Comments
      
      shoeshine box: i would buy a car from him.

  5. #45
    Platinum ftpjesus's Avatar
    Reputation
    454
    Join Date
    Mar 2012
    Location
    Mesa AZ
    Posts
    3,120
    Quote Originally Posted by Dan Druff View Post
    https://pokerfraudalert.com/forum/sh...ese-Connection

    John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.
    I listened to most of the interview but was admittedly falling asleep towards the end but based on what Audi said I think theres a lot less to worry about then we thought.. I don't know if Kent is aware of what all Audi said but this hack was developed using the PM Demo and unless I misunderstood it would have to be redone for each version to even be useable and I guarantee doing so for Gold isn't the same as what had to be done to reverse engineer the demo 500 hand limit software version.. Also it would appear also that for the hack to remain effective it would probably have to redone every time Kent updated the software so if a site is running the newest version it would be pretty likely the site isn't cheating its users.. I could be wrong maybe I missed something towards the end of the interview..

  6. #46
    Platinum ftpjesus's Avatar
    Reputation
    454
    Join Date
    Mar 2012
    Location
    Mesa AZ
    Posts
    3,120
    Quote Originally Posted by KBriggs View Post
    Quote Originally Posted by Dan Druff View Post
    John Audi came on my show last night, go to 1:00:30 mark to hear it. Lasted almost an hour.
    FYI, I did release an update (6.15) yesterday that will stop the simple resource edit that was discussed above where the javascript client gets patched. That code is compiled directly into the server's executable. Of course it doesn't do anything about previous versions and a site operator with evil intentions is likely not going to upgrade his copy. And it's not going to stop more sophisticated hacks that could modify the machine code and blank out the code integrity check.
    Based on the interview I don't think you have much to worry about Kent it seemed based on what I heard that it would require the hack to be patched as well Im guessing probably everytime PM is updated which would be an onerous process probably.. Again I think if a site keeps its software updated it should instill a sense of trust especially since the hacker even said PM is more secure then some other bigger names out there..

  7. #47
    Quote Originally Posted by ftpjesus View Post
    Quote Originally Posted by KBriggs View Post

    FYI, I did release an update (6.15) yesterday that will stop the simple resource edit that was discussed above where the javascript client gets patched. That code is compiled directly into the server's executable. Of course it doesn't do anything about previous versions and a site operator with evil intentions is likely not going to upgrade his copy. And it's not going to stop more sophisticated hacks that could modify the machine code and blank out the code integrity check.
    Based on the interview I don't think you have much to worry about Kent it seemed based on what I heard that it would require the hack to be patched as well Im guessing probably everytime PM is updated which would be an onerous process probably.. Again I think if a site keeps its software updated it should instill a sense of trust especially since the hacker even said PM is more secure then some other bigger names out there..
    Despite the fact its been patched rumor has it some scammers are still trying to sell this exploit either knowing it wont work anymore or are ignorant of that fact..

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Worst online poker software ever?
    By Dan Druff in forum Poker Community Discussion
    Replies: 29
    Last Post: 05-30-2019, 10:52 AM
  2. How We Learned to Cheat at Online Poker: A Study in Software Security
    By mulva in forum Poker Community Discussion
    Replies: 3
    Last Post: 08-09-2017, 05:32 PM
  3. Replies: 10
    Last Post: 12-11-2016, 06:02 PM
  4. clickngamble.com poker software
    By jfava16 in forum Scams, Scandals, and Shadiness
    Replies: 0
    Last Post: 08-06-2014, 06:14 PM
  5. LVH opens poker room with UB shady fuck as manager
    By ftpjesus in forum Flying Stupidity
    Replies: 1
    Last Post: 07-13-2013, 12:36 AM