Back at the start of April a story broke announcing that Securident, a company specializing in online-security concerns, had uncovered a major security flaw in the software of Pokerroom.com, part of the Ongame Network. The exposed software flaw allowed a hacker possessing the right information to access (and potentially drain) the accounts of other players. Bill's Blog was one of several poker-news sites to feature the release. It wasn't featured here because it was already in the news at several high-profile sites, and there was no information that your loyal Kick Ass blogger could add to what had already been reported.
The release turned out to be a high-tech shakedown by Securident: the firm apparently does some or much of its business by hacking into other's sites, then selling their services to fix the sites that they themselves have hacked into. Yes, this is the moral equivalent of a legal firm that just goes from one class-action suit to the next, intent on extorting out-of-court settlements from whomever their target du jour happens to be, simply as a cheaper settlement option to the victim than actually going to trial. But that's a vent of a different temperature.
What happened in the Pokerroom.com instance, according to all accounts, is that Pokerroom.com told Securident to go whistle --- they'd fix their own [Pokerroom.com's] system, and not pay off any sort of high-tech blackmail to the firm that hacked that system in the first place. And so the story should have died.
Except it didn't. It didn't receive as widespread an airing, but a second hacking incident at Pokerroom.com subsequently occurred. We discovered it over at White Belt Poker, a small British poker blog. On April 14th or 15th, another hacker or hackers attacked the Pokerroom.com system, and ultimately cracked into and controlled the "chat" part of the system for some four hours. Spams were sent throughout the system, and false messages were propogated under many of the real users' names. And again, it took Pokerroom.com techs some four hours to regain control over their chat system, though the financial and gaming aspects --- always encoded and encrypted to a much higher degree --- remained secure.
Yet it sent a second tremor through the Pokerroom.com community, and Pokerroom.com published an explanation (of sorts) here.
Remember that Pokerroom.com is one of the online poker rooms experimenting with a non-resident client; the option exists for users to log in and play through an ordinary web browser such as Internet Explorer. (Thank you, but no.) It may be this which opened up the hacking possibilities that Securident first discovered, but regardless, one thing is now clear: Securident identified Pokerroom.com as a potential target of opportunity for hackers, for which Securident should earn our lasting scorn. It doesn't matter who did the second system hack --- the damage to an online company's integrity was done by another company too greedy in seeking another's business.
In the "sure bet" category --- that Pokerroom.com feels a bit besieged these days, but at least they're aware of and are working on the problems. I'd look at as an example of why a software installation/download setup from a given online gaming company remains by far the safest choice.
And as for Securident, they removed from their archives the initial news release outlining their "discovery" of the Pokerroom.com flaw. Oh, yes, they took a bit of heat for that one.
It seems like we've got an early leader in the race for this blog's Theme o' the Week. Then again, it's only Wednesday...
No comments:
Post a Comment