Tokwiro Enterprises, who owns CEREUS Poker Network, recently announced in a press release that they have improved the protocol for security concerning Absolute Poker and UB.com. Tokwiro has included OpenSSL encryption for their client-server communications. This announcement was made after a grave error in the security system of the network was found and made known by the those who operate the PokerTableRatings.com web site, which is also known as PTR. Absolute Poker and UB are the only poker rooms operating on the CEREUS network, known as the third-largest poker network on the Internet that accepts players from the United States.
The Chief Operating Officer of Tokwiro, Paul Leggett, stated that the company’s priority is providing their players with an online poker environment that is secure. Leggett also said that using the OpenSSL standard accomplishes just this for their players, and that the company will keep conducting thorough tests for verification as well as using third party audits in order to make sure the entire Tokwiro operation is safe and sound.
The error was revealed on the 6th of May by PTR, which is a web site that scrapes poker hand histories on about a half dozen different poker networks, and also allows the players to do a search on the ring game results so as to determine whether or not players have a winning or a losing history. PTR also has a five-minute video that shows how the poker players log-in information and their hole cards could be intercepted via various wireless networks. PTR explained that wireless networks seem to be quite exploitable because of the simplicity with which someone who doesn’t even have physical access to the networks can compromise them. The site explained that at times, wireless networks would not even need to be exposed by a human because the wireless network isn’t encrypted.
As you might imagine, this security gap caused a nightmarish public relations flap for UB once again. A couple of years ago, several UB players were able to get into certain “Superuser” accounts that enabled them to see the hole cards of the other players. Those who post on Internet poker forums wasted no time in linking these two occurrences. A poster on the twoplustwo.com forums wondered why people still played at UB.
Paul Leggett responded to what PTR had to say at once, explaining that he anticipated that a resolution for the quandary in just a few hours. Leggett then stated that the crisis had been averted by using a more superior multi-layer encryption, and that the company would be making an OpenSSL solution live in a week’s time. It did not sit well with many players when the two sites kept on running the games, even though there were problems in the security of the network.
A user on the UB.com blog, SusieQue, wanted an explanation as to why the site was not shut down when the company was aware that there was a problem, instead of ignoring such a security issue until the next morning. UBMarketing responded by saying that they did considered shutting down Cereus on a temporary basis, but knew the company had the ability to find a new solution in just a few hours, and the company did not think anyone could come up with a hack that would take advantage of the susceptibility within that time frame. The upgrade done eight days later by the company made it more difficult for anyone to hack in, but this change didn’t make it impossible. The login information for players could still be hijacked with the same methods mentioned by PTR. On 16 May, the entire site had OpenSSL security implemented, and PTR admitted that the company had addressed the biggest problems.
These security problems have not really helped the network, which at this time is in eighth place on the PokerScout.com traffic report. According to PokerScout.com, compared to usage back during April, an eleven-day period from the eighth until the eighteenth, the real money traffic at peak time dropped more than 8 percent from the sixth of May through the sixteenth, which is when the security upgrade was going on.
Leggett has stated that he is doing everything possible in order to reassure players that the CEREUS Network is keeping their accounts safe. He stated that the company is openly communicating with their players, the rest of the poker community, and PTR so as to prove they are a company serious about security and that it is safe to play there.