UB/AP (Cereus) doesn't encrypt its data.

05-06-2010 , 07:15 PM
I have never posted in this forum and I wouldn't usually start a thread, but this is a very serious issue.

Disclaimer: The level of incompetence required from Cereus for such a security flaw to be real would be so great, I'm having a hard time believing that this is true. But until PTR's story has been disproved, I advise extreme caution.
http://forumserver.twoplustwo.com/29...curity-778002/
http://www.poker*table*ratings.com/b...poker-network/

Quote:
The issue in general terms is that rather than using industry standard SSL encryption Cereus has used a custom form of encoding (not encryption) which can be cracked using the Windows calculator.
Quote:
Almost every poker network uses some implementation of the SSL protocol, which is the same type of security mechanism that everyone from banks to government agencies use to secure their data. There are several freely available implementations of this protocol including the open source OpenSSL. SSL is the industry standard, and is generally regarded as best practice for encrypting network transmissions.

The problem is that the Cereus Poker network does not use SSL to encrypt their communications; they use a custom form of encryption which is XOR-based. This form of encryption is known to be extremely weak, and in fact their particular implementation makes it particularly simple to decrypt network data due to an easily discoverable key.

In fact, the encryption that the Cereus Network employs isn’t so much encryption as it is encoding. To see how simple it is to decode this data, simply open up your Windows calculator and set it on scientific mode. All that is really necessary to decode the data stream is the XOR button.
As a computer engineer, this is an extremely serious security flaw that shows a level of incompetence previously unheard of (even for UB).

DO NOT PLAY ON UB/AP. DO NOT LOG ON UB/AP. And if you do so, don't do it on any form of public network or wireless network with weak security and only do so to cash out your bankroll. This isn't about UB/AP being shady or having done wrong in the past. This is a very real and serious security issue.
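
An added illustration, not part of any post in this thread and not Cereus code: why the quoted article calls fixed-key XOR "encoding" rather than encryption. The key, the message formats and the known prefix below are all constructed assumptions; nothing is taken from a real client or capture.

```python
from itertools import cycle

def xor_stream(data: bytes, key: bytes) -> bytes:
    """XOR each byte with a repeating key; the same call encodes and decodes."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def shortest_period(stream: bytes) -> bytes:
    """Smallest prefix that, repeated, reproduces the whole stream."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream

# Constructed sample values (hypothetical protocol, hypothetical key)
KEY = b"\x5a\xc3\x17\x9e"
MSG1 = b"LOGIN user=alice;pass=hunter2"
MSG2 = b"CARDS seat=3;hole=AsKd"
KNOWN_PREFIX = b"LOGIN user="   # predictable header an observer can guess

def demo() -> dict:
    c1 = xor_stream(MSG1, KEY)
    c2 = xor_stream(MSG2, KEY)

    # Weakness 1: with a reused key, XORing two messages cancels the key,
    # leaving plaintext XOR plaintext with no secret involved at all.
    key_cancels = xor_bytes(c1, c2) == xor_bytes(MSG1, MSG2)

    # Weakness 2: encoded XOR known plaintext = key bytes. A predictable
    # header longer than the key reveals the key for every later message.
    recovered_key = shortest_period(xor_bytes(c1, KNOWN_PREFIX))
    decoded = xor_stream(c2, recovered_key)

    return {
        "key_cancels": key_cancels,
        "recovered_key": recovered_key,
        "decoded": decoded,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

SSL/TLS, which the article names as the industry standard, avoids both weaknesses by negotiating fresh per-session keys after authenticating the server and by using ciphers designed to resist known-plaintext analysis.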
05-06-2010 , 07:17 PM
so sick
05-06-2010 , 07:18 PM
What information is at risk of being decoded?
05-06-2010 , 07:22 PM
Quote:
Originally Posted by i think ill pass
What information is at risk of being decoded?
EVERYTHING.
Hole card in real time. Login/Password. Everything transmitted between your PC and Cereus' server.

There's a 4 minute video on PTR, watch it.
05-06-2010 , 07:26 PM
Blows my mind that they show this video in such great detail ****ing BEFORE it has been fixed in one way or another.
05-06-2010 , 07:27 PM
i have been logged in all day on ub on a wireless network just logged out what should i do?
05-06-2010 , 07:35 PM
Quote:
Originally Posted by ArrrInnn
i have been logged in all day on ub on a wireless network just logged out what should i do?
feel ashamed you still play there
05-06-2010 , 07:37 PM
Ugh **** guess I'll have a break then ffs... this is unbelievable. Damn I don't want to move to FTP or some tiny room, omg what a beat. Thx for the warning RTR + OP.
05-06-2010 , 07:37 PM
wow
05-06-2010 , 07:38 PM
Quote:
Originally Posted by SleeveOfWizard
Blows my mind that they show this video in such great detail ****ing BEFORE it has been fixed in one way or another.
This video does not represent a security problem any more than their article simply stating that "UB doesn't use SSL but some form of XOR based encoding". PTR did a great job. Technically, they should've provided some time for Cereus to fix the problem, but considering the issue at hand and Cereus' track record, I can't blame them.

Quote:
Originally Posted by ArrrInnn
i have been logged in all day on ub on a wireless network just logged out what should i do?
Nothing. The odds of actually having had your account compromised are extremely low. Just don't play there anymore until further news. (and you know, don't play there ever again)

Last edited by Jul.Jack; 05-06-2010 at 07:57 PM. Reason: spelling
05-06-2010 , 08:18 PM
For the record, this doesn't let anyone see your hole cards. They'd need to be either plugged into your network or be able to read traffic from your wireless network. So the odds of somebody using this to exploit you are pretty low in general. (The one time when I'd really be worried is when lots of poker players are in the same place using the same networks, like at big tournaments.)

It's still completely ridiculous that AP/UB were this incompetent and didn't follow basic industry standards.
05-06-2010 , 08:28 PM
^^ what he said

the real issue is if you're playing poker on this network on an unsecured network i.e. airports.

According to the article, as long as u're on a secured network u're fine
05-06-2010 , 08:30 PM
Quote:
Originally Posted by Syous
According to the article, as long as u're on a private secured network u're fine
FYP, kinda

Last edited by Jul.Jack; 05-06-2010 at 08:33 PM. Reason: Having a 100% secure network is harder than most people think.
05-06-2010 , 08:30 PM
Quote:
Originally Posted by Syous
^^ what he said

the real issue is if you're playing poker on this network on an unsecured network i.e. airports.

According to the article, as long as u're on a secured network u're fine
That's not true:

Quote:
The biggest step a Cereus player can take to protect them is to simply stop playing on the Cereus Network until these issues have been resolved. There is no way of being 100% secure at the moment.
05-06-2010 , 08:36 PM
LOL OMG @ THIS. As someone who has a ton of background in IT security, WOWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW.

This is SOO bad and SOO non standard, I almost suspect it was intentional to encrypt data in this manner.
05-06-2010 , 08:39 PM
Also, to be clear, if you are playing on UB right now after this vulnerability has been made public, some random talented IT guy that works for your ISP or ANY ISP upstream between you and UB could potentially sniff your traffic and hack you.

I believe in the video he stated they were using MD5 hashes, and that means that someone could have your password VERY quickly if they got your MD5 hash and brute forced it. Just wow.

Edit: If you are using the same passwords on UB that you use on other sites, I'd change the passwords on the OTHER sites IMMEDIATELY.
05-06-2010 , 08:44 PM
AHEM xbl***. glad ive never played on ub an i damn sure never will.
05-06-2010 , 08:52 PM
wooooooowwwwwwwwwww. REAL COOL WAY TO GET CHEATED OUTTA 200k+

**** YOU UB. **** u xblin*.
05-06-2010 , 08:56 PM
Looks like Xblink had a lot of friends working for ISPs, huh
05-06-2010 , 09:01 PM
Now that this has been published, every part-time poker player working for a backbone ISP carrying Cereus traffic is going to fire up their packet sniffer and try to hack it. I anticipate a software update in 24-48 hours if it's true. It's simple to wrap their protocol in SSL.
05-06-2010 , 09:08 PM
Also be careful on cable modem networks. It used to be very common for cable ISP networks to be built in such a way as to allow one customer to see another customer's traffic in the same small geographic area. (For the IT geeks... think hub versus switch on the cable node in your area)

If you do not know if your cable ISP uses a shared network or not, opt for the safe solution of not playing.
05-06-2010 , 10:48 PM
Quote:
Originally Posted by NoahSD
(The one time when I'd really be worried is when lots of poker players are in the same place using the same networks, like at big tournaments.)
.
this is how I've heard people in Commerce, Aruba, LV got hacked.
05-06-2010 , 10:53 PM
At some point don't people deserve to get robbed if they play at AP/UB??
05-06-2010 , 11:12 PM
Wow.
05-06-2010 , 11:41 PM
Wow, just wow.

      