Thursday, July 06, 2006

Password Troubles at iPoker Remain Uncorrected

A couple of weeks ago a startling discovery came to the web, courtesy of Paul Jones at his UK & Ireland Poker Blog. The subject of the post was the security of players participating at online sites, and his post was a bit of a mindbender, including an image grab showing the evidence.

Evidence of what, you might ask? Evidence that one of the online poker networks, iPoker, is storing its players' logon information --- including each player's password --- in a non-encrypted, "plain text" manner on that player's own computer. Username and password storage is necessary to make auto-logon features work, but to my knowledge iPoker is the only network so far discovered to not encrypt the password in the user computer's registry.

To say that this is stunningly bad programming still understates the matter. Worse, iPoker has, to date, shrugged its shoulders on the issue and claims it as a trivial matter. Poker blogger and news-compiler Bill Rini, author of two widely read poker sites, sent off e-mails to iPoker as a followup on the situation. Here's Rini reporting on iPoker's response:

I received another response from Noble stating "player’s usernames and passwords are really stored in the registry, this is the way our software is designed. However, since the password is saved in an encrypted way we cannot really consider it a serious security issue."

Obviously, iPoker's definition of "encryption" differs from that found everywhere else on the web, or else the customer service person responding to Rini's inquiry believes that encryption means that it's "stored somewhere inside that computer thingy." Both Rini's and the UK site offer images showing that the iPoker rep's claims are false.

Well, we can't reprogram their substandard software for them, but in light of their let-it-be attitude, it's foolhardy to leave any significant sums of cash in your iPoker skin bankrolls. This seems to be one of those situations that they have no intent on fixing until shamed into doing so.

Commence shaming. The list of known iPoker skins:

Centrebet Poker
Sports Interaction Poker
Playgate Poker
Titan Poker
Prestige Poker
Fair Poker
Dafa Poker
BetFred Poker
USA Poker
Diamond Club Poker
Poker770
Kiwi Casino Poker
CDPoker
NoblePoker

Complaints to these skins may also serve the greater good.

No comments: