$ £

Cereus blog updates progress on poker encryption vulnerability

The Cereus poker network continues to update interested parties on its latest software issue, using a question-and-answer blog for the purpose. The company has reported that SSL technology is currently being used for encrypting certain data, such as player login credentials and all financial information. This does not extend to the client-server communication that occurs during game play, which was developed using a proprietary encryption method.

"We are frankly embarrassed that the SSL standard was not used in this data exchange. We are very disappointed with our software development company and internal QA testing. We fully acknowledge that the blame falls on us," Cereus management has blogged.

CEO Paul Leggett and his colleagues apparently acted timeously when the encryption flaw on gaming data transactions was brought to their attention by a poker information portal. The team immediately implemented an improved method for encrypting data, using in part a team of independent hackers in order to develop the initial "quick fix" solution, which includes complicated random keys in combination with MD5 encryption.

Management has already indicated that within a week it will implement a more permanent and probably SSL-oriented fix for the problem.

Source: InfoPowa News

Share this