Security Alert: Cake Poker Network

    Found this on Pokertableratings this morning. I know some people from here play there:


    Synopsis

    In summary, there is a critical network vulnerability in the Cake poker network’s software which makes it possible to steal account information including username and passwords, and view hole cards. There is no 100% protection until the Cake poker network upgrades to OpenSSL. Cake has an erroneous security notice on their website which claims to implement a type of encryption that they do not have.

    As before, we have no way of knowing if this vulnerability has been used to exploit actual players. PokerTableRatings.com created test accounts for all of our testing during our research phase. We do not have passwords to any unauthorized user accounts. Cake has been notified of the issue and we will continue to report as the situation develops.

    Full article

    #2
    Originally posted by Ciaran_Corbett View Post
    Found this on Pokertableratings this morning. I know some people from here play there:


    Synopsis

    In summary, there is a critical network vulnerability in the Cake poker network’s software which makes it possible to steal account information including username and passwords, and view hole cards. There is no 100% protection until the Cake poker network upgrades to OpenSSL. Cake has an erroneous security notice on their website which claims to implement a type of encryption that they do not have.

    As before, we have no way of knowing if this vulnerability has been used to exploit actual players. PokerTableRatings.com created test accounts for all of our testing during our research phase. We do not have passwords to any unauthorized user accounts. Cake has been notified of the issue and we will continue to report as the situation develops.

    Full article

    So that's Cake and Cereus in the last couple of weeks...

    iPoker uses SSL for everything, not just credit card/financial transactions?


      #3
      The new update has just gone on.

      The system is basically unusable. I would see more hands playing the local pub game. At least 4 secs between each player's action.

      I have noticed that as we lose players out of the tourney it is getting slightly faster.


        #4
        That's such elementary stuff they should be up on criminal charges for allowing it to happen.
        Turning millions into thousands


          #5
          Originally posted by Strewelpeter View Post
          That's such elementary stuff they should be up on criminal charges for allowing it to happen.
          Chris should try and give us an update on this.

          They do so much right at Bruce and Cake have f**ked again.


            #6
            Originally posted by big_iain View Post
            Chris should try and give us an update on this.

            They do so much right at Bruce and Cake have f**ked again.
            CAKE and BRUCE Suck.........
            Only play small games, but tonight barely got 2 hands in per level as the server was acting up.
            Give me back my 3 buck buy in or I will move my 20 buck bankroll to POKERSTARS.


              #7
              I didn't notice any problems in any of the tourneys I played on Bruce tonight so I don't think it's network wide.
              My poker blog - Doking around in cyberspace


                #8
                I have to thank PTR, as if it was not for their testing we (the players and network partners) wouldn't know about this problem and therefore would not be able to get it fixed. They are not only helping players; information like this is needed for network partners like BrucePoker who are supplying a service to their players and want said service to be the best possible.

                At 7pm last night I received an email from the partner manager in Cake with the following information:

                "As you may be aware CakePoker released a security update on cakepoker.com client 1 yesterday which introduced an SSL layer in all our server-client communications.
                We have concluded post release testing on yesterday's update and are currently rolling out all Partner clients with the new SSL layer.
                This should be completed within the next hour.
                Tomorrow morning at 6:00am PT we will be doing an additional update for all Partners which should finalise all issues relating to recent security concerns."

                11 days after the issue was brought to their attention the Cake network now seems to have fixed the problem; this, however, does not fix the issue that the protection should have been there in the first place.

                I hope over the next week Poker Table Ratings will release information on the implemented SSL protection on the Cake servers, as they state in the article:
                "We, as always, offer our expertise in auditing security and verifying the fix once implemented."


                I don't want to write a huge message regarding the security issue, and I would hope all players would read the article linked in the first post (if not, you can find it here).

                Please note for an attacker to exploit this would require several extreme circumstances to occur and a great deal of technical expertise in breaking encryption such as:

                • The internet connection on which you are playing would have to be public or compromised
                • An attacker on this public/compromised internet connection would have to be attacking you from the same internet connection.
                • It is possible that a remote attacker could exploit this via a “man in the middle attack”. This kind of an attack involves active eavesdropping where the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the attacker. This can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other and again, they would have to have control over your internet connection in order for them to insert themselves in the first place.
                • The attacker would have to be able to identify you individually as a player on these compromised/public internet connections and target you specifically.
                • The attacker would also have to break the encryption.

                The possibility did indeed exist that all these circumstances could occur at once – but this would have to be the work of an extremely experienced and targeted individual.


                If any player has experienced any issue or disruption in play due to the multiple updates rolled out over the last week, or has anything they would like to discuss with me, please feel free to PM me here, leave a message to PM them here, or email me at support@brucepoker.com. All issues will be investigated personally.


                  #9
                  Originally posted by doke View Post
                  I didn't notice any problems in any of the tourneys I played on Bruce tonight so I don't think it's network wide.
                  In all fairness you prolly wouldn't, as you are multi-tabling. You only see the screen when it is ready for an action to be taken.

                  Us mere mortals two-tabling are seeing huge delays between player actions.


                    #10
                    Originally posted by big_iain View Post
                    You only see the screen when it is ready for an action to be taken.
                    I have all tables I'm currently playing visible at all times on screen (or rather across the two screens I use when I'm multitabling) because I don't go up past 8 tables (the point at which I can only play robotically and not pay attention to hands I'm not in and notice how other players are playing) so I would notice. I'd certainly notice if we were only getting in a few hands per level.
                    My poker blog - Doking around in cyberspace


                      #11
                      Originally posted by doke View Post
                      I have all tables I'm currently playing visible at all times on screen (or rather across the two screens I use when I'm multitabling) because I don't go up past 8 tables (the point at which I can only play robotically and not pay attention to hands I'm not in and notice how other players are playing) so I would notice. I'd certainly notice if we were only getting in a few hands per level.
                      Fair enough doke.


                      Today I have been through three versions of the software, and one on the server side. Obv. Cake realise there is a problem and they have sorted it.

                      Seems faster now.


                        #12
                        I think more and more people are being put off online poker with all these stories.


                          #13
                          Does anyone else think it's strange that the only person who can't see how slow Bruce/Cake is running is their sponsored pro?


                            #14
                            I was following this closely since 8am this morning. I went on to 2+2 to see what was going on and loads of players were complaining. In fairness, Cake did refund fees when requested, even though I came 2nd in one tourney.

                            This thread puts a little more light on the subject:


                            Originally Posted by █████
                            Facts:

                            There has been no real encryption for a period Lee does not want to disclose.
                            As a result of this lack of encryption, anyone with access to a connection from a user to Cake could tap into that connection and read all card data.
                            The Cake programmers, who, according to Lee himself, lied to him about the encryption when Lee asked them about it, have access to the network the servers are on.
                            Therefore, the Cake programmers could have superusered.
                            Cake does not allow datamining, does allow name changes, making it pretty much impossible for the community to check for superusers ourselves.

                            Opinion:
                            Any programmer who is responsible for a program that deals with millions of dollars, such as the Cake software, is either incredibly incompetent or intentionally malicious when he uses a fake encryption such as the one used.

                            Questions:
                            Lee,

                            Since when has there been no encryption on Cake? We need a timeline, even if only for those of us who suspect they were hacked on their own local network.
                            How do we know there have not been any super-users (on your side) on Cake, considering that your software had this possibility and considering that you have taken away the players' possibilities to catch them ourselves?



                            Lee is the Cake Poker Room Manager, by the way.


                            He continued to ignore this guy's questions even though more and more people were demanding answers on different threads.


                              #15
                              This is the thread:

                              Am i missing something or does the rewards/rake % actually decrease from lvl 9 to lvl 10? From completing lvl 9 i received 12 gold chips as a bonus. If


                              If I am not supposed to post that here please delete it. I just thought it would be informative to fellow "nervous" Cake network players.

                              In fairness to Doke... the lag problem HAD been resolved when he posted earlier. I was "trapped" in a couple of tournies earlier... they were still playable, but roughly 1 hand every 3/4 minutes.


                                #16
                                Originally posted by Yaboyya View Post
                                Does anyone else think it's strange that the only person who can't see how slow Bruce/Cake is running is their sponsored pro?
                                This is not helpful


                                  #17
                                  Originally posted by big_iain View Post
                                  This is not helpful
                                  The point you don't seem to understand is that a paid representative of the site is hardly in an unbiased position to say "everything's grand" when quite clearly at the time it wasn't.


                                    #18
                                    Originally posted by Yaboyya View Post
                                    The point you don't seem to understand is that a paid representative of the site is hardly in an unbiased position to say "everything's grand" when quite clearly at the time it wasn't.
                                    He didn't say "everything's grand". He said he didn't notice anything wrong on his screens. As I have already said... I was on the site at the same time as Doke and everything WAS "grand" as you put it.

                                    Is he not entitled to post here the same as anyone else even if he is a sponsored player?


                                      #19
                                      Originally posted by Supersonic View Post
                                      This is the thread:

                                      Am i missing something or does the rewards/rake % actually decrease from lvl 9 to lvl 10? From completing lvl 9 i received 12 gold chips as a bonus. If


                                      If I am not supposed to post that here please delete it. I just thought it would be informative to fellow "nervous" Cake network players.

                                      In fairness to Doke... the lag problem HAD been resolved when he posted earlier. I was "trapped" in a couple of tournies earlier... they were still playable, but roughly 1 hand every 3/4 minutes.
                                      It seems like we both experienced the same thing and Doke was fortunate to be playing later.

                                      As for your other point, of course Doke is welcome to post regardless of whether he is sponsored or not. I for one find most of his posts very insightful.


                                        #20
                                        Possibly superusers on Cake -- Lee Jones/Cake refusing to respond

                                        Opr


                                          #21
                                          Well, I am now on my 4th version of the software in 24 hours. Seems back to normal and moving between players as it should. A complete balls-up on Cake's behalf if you ask me.
                                          And not the first time, as I recall.

                                          Can Chris from Bruce please confirm from Cake that they have now installed security and will pass PTR's test as in the OP?


                                            #22
                                            Originally posted by big_iain View Post
                                            Well, I am now on my 4th version of the software in 24 hours. Seems back to normal and moving between players as it should. A complete balls-up on Cake's behalf if you ask me.
                                            And not the first time, as I recall.

                                            Can Chris from Bruce please confirm from Cake that they have now installed security and will pass PTR's test as in the OP?
                                            At midnight last night the latest version of the software was rolled out to "implementing a fix for the lag which was experienced earlier". Thanks to Iain for giving me updates throughout the day about what he was experiencing.

                                            As for the installed SSL, I have been told by Cake it is in place and I would hope PTR will test it within the next couple of days and publish their results.


                                              #23
                                              PTR have released the following:

                                              Cake Poker has released an update that includes SSL encryption for the second time. We can verify that the data stream is SSL encrypted on both the standard software and the beta client. We have been unable to reproduce any of the vulnerabilities we detected previously.

                                              We have not been able to verify that the SSL implementation has been rolled out to all of the individual skins.

                                              If you’d like to be sure that your Cake network skin is safe and are using the classic client, navigate to the install directory of the skin (generally C:\Program Files\SKIN NAME, where SKIN NAME is the name of your skin) and check for ssleay32.dll. If ssleay32.dll is not contained in the skin installation directory, then your skin is not safe to play.


                                              Article can be found here.

                                              And here is the ssleay32.dll in my program folder:

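The check PTR describes above (look for ssleay32.dll in the skin's install directory) as an added example; this is not PTR's or Cake's code. The skin directory names and the fake DLL bytes are constructed for the demonstration, and the version-text sanity check assumes the skin ships an unmodified OpenSSL build.

```python
"""Check Cake-network skin install directories for the OpenSSL DLL
(ssleay32.dll) that the PTR post names as the marker of a patched client.
Added example, not PTR's or Cake's code; the directory names and the
fake DLL bytes below are constructed for the demonstration."""
import os
import re
import tempfile

DLL_NAME = "ssleay32.dll"
# ssleay32.dll is OpenSSL's libssl as built for Windows.  OpenSSL builds
# embed a human-readable version text, so matching it gives a cheap sanity
# check that the file is really OpenSSL and not an empty placeholder
# (assumption: the skin ships an unmodified OpenSSL build).
VERSION_RE = re.compile(rb"OpenSSL \d+\.\d+\.\d+[a-z]?")


def check_skin_dir(install_dir):
    """Return (status, detail) for one skin install directory.

    status is one of:
      'missing-dir'  - the directory does not exist (skin not installed)
      'no-ssl'       - ssleay32.dll absent: per PTR, not safe to play
      'ssl-present'  - DLL found; detail carries the version text, if any
    """
    if not os.path.isdir(install_dir):
        return "missing-dir", install_dir
    dll_path = os.path.join(install_dir, DLL_NAME)
    if not os.path.isfile(dll_path):
        return "no-ssl", "%s not found in %s" % (DLL_NAME, install_dir)
    with open(dll_path, "rb") as fh:
        blob = fh.read()
    match = VERSION_RE.search(blob)
    detail = match.group(0).decode("ascii") if match else "no OpenSSL version text"
    return "ssl-present", detail


def check_skins(program_files, skin_names):
    """Run check_skin_dir over several skins under one Program Files root
    (the real root on a player's box would be C:\\Program Files)."""
    return {name: check_skin_dir(os.path.join(program_files, name))
            for name in skin_names}


def demo():
    """Build a constructed Program Files layout: one patched skin, one skin
    still without the DLL, and one skin that was never installed."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "PatchedSkin"))
        with open(os.path.join(root, "PatchedSkin", DLL_NAME), "wb") as fh:
            # Constructed stand-in for a real DLL: MZ header plus the kind of
            # version text OpenSSL embeds (the version number is made up).
            fh.write(b"MZ\x90\x00" + b"\x00" * 60 +
                     b"SSLv3 part of OpenSSL 0.9.8x\x00")
        os.makedirs(os.path.join(root, "OldSkin"))
        return check_skins(root, ["PatchedSkin", "OldSkin", "NeverInstalled"])


if __name__ == "__main__":
    for skin, (status, detail) in demo().items():
        print("%-15s %-12s %s" % (skin, status, detail))
```

A present DLL only shows the build ships OpenSSL; PTR's own verification looked at the data stream itself, which is the stronger check.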

                                                #24
                                                They are still stonewalling over on 2+2 and the only response from Lee Jones is ridiculous.

                                                Originally posted by 2+2 Lee Jones
                                                Without excusing, in any way, our security vulnerability, this is 100% correct and is the standard protocol in the computing industry. If you find a security leak in somebody's software, you alert the company that has the software, wait an appropriate period to let them fix it, and then tell the world.

                                                There are a million ways PTR could have "escrowed" the scoop on this. They could have alerted us and also told some respected person in the business (e.g. Kevmath and/or another respected 2+2 mod). Had we not responded, not fixed the problem, or pretended we found it ourselves, Kevmath would have been there to tell the whole story.

                                                Once we had the problem fixed, PTR could have then gone public and said "Aha! Look at the vulnerability we found at Cake!" We'd have no way of denying that (and we wouldn't have denied it, anyway).

                                                I say all this to get here: ask yourself why PTR would tell the world simultaneously when they told us (thus raising the risk level for anybody playing on Cake).

                                                Best regards,
                                                Lee Jones

                                                Cake Poker Cardroom Manager

                                                Originally posted by 2+2 Admin Mason Malmuth
                                                Lee:

                                                If you're going to represent Cake Poker and write that you are the "Cake Poker Cardroom Manager," it's probably time that you begin to answer the tough questions. If not, perhaps you should step down from these forums until you (or perhaps another representative from Cake) can begin to answer the questions and concerns in a realistic and straightforward manner.

                                                Mason
                                                Opr


                                                  #25
                                                  Originally posted by Opr View Post
                                                  They are still stonewalling over on 2+2 and the only response from Lee Jones is ridiculous.

                                                  Delighted an admin decided to step in and put this guy straight!


                                                    #26
                                                    Am I reading this right.......

                                                    that the Cake network operated without any security for a period of time?


                                                    Are they taking the piss?


                                                      #27
                                                      Originally posted by big_iain View Post
                                                      Am I reading this right.......

                                                      that the Cake network operated without any security for a period of time?


                                                      Are they taking the piss?
                                                      If I'm reading it right, then yes, up until the other day.


                                                        #28
                                                        Rather than start a new thread, I thought I could derail this old one & splice in this little gem.

                                                        This only happened a few days ago & I find it very interesting.

                                                        Also, to add to the cliffs below, Cake Poker have gotten in touch with the OP saying he must sign an NDA (Non-Disclosure Agreement) before they will explain the situation.

                                                        Thread on 2+2 http://forumserver.twoplustwo.com/28...-sign-1040155/

                                                        Originally posted by 2+2
                                                        Cliffs-

                                                        -- OP won 60k off a player on the Cake network
                                                        -- Cake confiscates funds by saying OP should have known he was not playing against a "rational player", implying some form of chip dumping or illegal activity/collusion
                                                        -- It comes out that there was a security leak in a Cake skin that allowed a player to load infinite "real money" chips
                                                        -- OP released all HHs showing he won the money legitimately
                                                        -- Cake argues they must remove the 'counterfeit chips' and OP is outta luck
                                                        -- OP argues it is Cake's responsibility to verify the integrity of funds on their network and it is blatantly unfair to strip him of legitimately won chips


                                                          #29
                                                          Originally posted by Donkathon View Post
                                                          Rather than start a new thread, I thought I could derail this old one & splice in this little gem.

                                                          This only happened a few days ago & I find it very interesting.

                                                          Also, to add to the cliffs below, Cake Poker have gotten in touch with the OP saying he must sign an NDA (Non-Disclosure Agreement) before they will explain the situation.

                                                          Thread on 2+2 http://forumserver.twoplustwo.com/28...-sign-1040155/
                                                          The reason he has to sign the NDA is to stop them revealing how the company operates.

                                                          If that was not signed he would be able to tell the whole of twoplustwo the whole Cake business model, which obviously would not be a good idea for obvious reasons.


                                                            #30
                                                            Originally posted by corigi View Post
                                                            The reason he has to sign the NDA is to stop them revealing how the company operates.

                                                            If that was not signed he would be able to tell the whole of twoplustwo the whole Cake business model, which obviously would not be a good idea for obvious reasons.


                                                            Yeah, I understand them needing to sign it, but they need to swallow the loss of 60k because of THEIR security issues.

                                                            He did nothing wrong here; in fact only Cake are in the wrong as far as I can see. (Well, apart from the guy that kept reloading for free lol.)
                                                            Last edited by Donkathon; 17-06-11, 13:24.


                                                              #31
                                                              NDAs are more common than you think... Most businesses would have their staff sign them, and also anyone that would be indirectly associated with that business.


                                                                #32
                                                                Originally posted by Donkathon View Post
                                                                Yeah, I understand them needing to sign it, but they need to swallow the loss of 60k because of THEIR security issues.

                                                                He did nothing wrong here; in fact only Cake are in the wrong as far as I can see. (Well, apart from the guy that kept reloading for free lol.)
                                                                I wish some site would let me reload for free, save me some money he he.


                                                                  #33
                                                                  Cake are clearly about as incompetent operators as you are going to find in this business.
                                                                  If they had even a screed of cop on they would shut down until they have completely sorted this latest fiasco. Trying to grab the 'counterfeit' chips back from this guy might turn out to have some legal or T&C's basis but it is LOLbad business.

                                                                  For anyone stupid enough to continue to do business with this shower of clowns since they left your money free and unprotected on the Internet for anyone to steal last year: if you don't see now that you are a fool for dealing with these messers, you do not deserve to have any money.

                                                                  Cake people LOL.
                                                                  Turning millions into thousands
