After a couple of semi-successful fixes, the encryption flaw at the Cereus Poker Network has now been resolved. The poker information site Poker Table Ratings, which uncovered the flaw in the first place and has been assisting Cereus in finding the right solution, has announced: "We can confirm that SSL is now being used everywhere for Cereus.
"The login vulnerability no longer exists. We're now ensuring a proper implementation, but it seems like the biggest problems have been addressed."
The advisory brings to a close a crisis that started on May 6 when Poker Table Ratings advised Cereus of the flaw after it managed to hack the bespoke XOR encryption on the network's player gaming data, using a standard Windows calculator.
Cereus immediately reported the issue to the Kahnawake Gaming Commission and quickly installed a quick fix, giving an undertaking that OpenSSL would be installed as a more permanent solution. This was partially achieved, but was still vulnerable according to PTR experts, leading to further work implementing a full OpenSSL initiative, which has now passed muster.
Source: InfoPowa News