Sunday, May 28, 2006

A Kickin' Good Time...

... in the Kick Ass Poker Blog this pre-Memorial Day week. Our feature story was another look at the most recent happenings on the legislative front, as certain interests try to curtail online gaming. We also gave pixels to Bluff Magazine's "bubble insurance" offer for WSOP Main Event entrants, the latest news in the legal slapfest surrounding "Calvin Ayre Wild Card Poker," and a bit of a fun diversion... a look inside a typical night's play in KAP's own Stars-based online league. Enjoy! Oh yeah, we're also gonna kick some ass in the Poker Stars online blogger championship!

Texas Holdem Poker

I have registered to play in the PokerStars World Blogger Championship of Online Poker!

This Online Poker Tournament is a No Limit Texas Holdem event exclusive to Bloggers.

Registration code: 5494414

Thursday, May 25, 2006

Kick Ass Poker's Online Poker League --- Week 5 of 8

Warning: Tourney blogging follows... bleep-bloop-bleep-bloop...

And they're off! There might've been some weather-related outages (and graduations) in the Atlanta area this evening... attendance at the fifth of eight of the KAP weekly online tourneys was 12, down some from previous weeks. Remember, it's Thursday nights at 9:00 ET on PokerStars, with the tourney cost a meager $10+1 to face off against some of the toughest players in the Atlanta Poker League. Normal attendance varies between 15-30 players. I'd like to say that I'm one of the few non-Atlanta interlopers in the league, and therefore, as the KAP blogger, my token presence is tolerated. I'd like to say that, but it's not true --- the online league is open to all, but you do have to register over on the poker forums at the KAP mothership. The password to each week's tourney is easy to find once you register, and the registration itself is free and easy.

Plug's over, it's time to get down to business, and we'll do a mini live-blog to give you a feel for the action. This week's participants:

CawtBluffin (moi)

Rough bunch. Mostly former winners and one of the boss dudes, too, that being Spry_14.

Poor jaromed. I started out this tourney by straying from my normal rockish play, which most of these KAP players already know about. Hand 1: I ended up calling jaromed's min-raise from UTG with a suited 4-2, and hit a runner-runner flush to take it down. Hand 2: I limp-call from the SB (with Q-4 off) and hit top pair, and beat jaromed's river bluff. Hand 3: Donkey reputation firmly in place, I play 8-8 from the button very straightforward, and unfortunately for jaromed, the 8 that makes his straight on the turn also makes my boat. Three hands dealt, three hands played. One out.

But it's a fast start to the tourney, and vinestain and HemiLess2 also run into trouble early. And just like that... it's a final table! mony66 is our chip leader, and three of the nine of us will cash. Now comes the renegotiating tight play. Some big hands hit the board, including AA twice, but no one's in a hurry right now. It'll probably go until a collision of big hands before anyone gets knocked out.

And that's what happens when a king hits the board on a three-way flop, and dawggone's A-K holds up over a short-stacked WishICould's K-J. We are eight. And then seven, as mony66 makes a big bet into dawggone66 after losing most of his chips to apwine, who makes a tough call but wins with top two pair. Dawggone's won this thing at least twice already, so he's no one you want with a big stack of chips. Oh, well. I steal a few of those chips with an overpair re-raise, but I'm still in a deep third.

NitroDog goes out in seventh when his queens lose to dawggone's aces. Soon after, DerFleisch sucks out a turn A to survive an all-in against dawggone66, who'd flopped top pair. DF had a solid drawing hand, though. Spry_14 (Jason) makes an all-in re-raise and takes down a pot, loses half his stack in a big confrontation, then doubles through me when he wakes up with A-J in the SB. (I had soooted A-8.) Never say I don't treat my bosses nice. It triggers a bad run where I fold to a re-raise, lose a smallish pot, and before I know it I'm down in sixth of six. Rambler14's back from the depths, having doubled through three times.

But after a tough loss, Rambler's luck finally runs out when his steal attempt runs into a decent Spry big blind, and we are five. I win on a garbage double-through (Q-4 over 2-2) against apwine, but apwine's managing the table well with his big stack. And ultimately, apwine outkicks a short-stacked DerFleisch when both go in with an ace, so we are four.

Did I mention three spots pay? And I finally survive perpetual winner dawggone66 when my K-7 holds up against his short-stacked steal attempt with 7-6. (He's won this twice and taken a second as well, a tough, aggressive player.) But playing three-handed, I soon try a re-raise steal with A-6 and find out that apwine wasn't position-buying from the button --- his A-Q holds up with ease. I'm out in third with $24 and league points, and apwine (Andy) has a 2.5:1 chip lead over Spry (Jason) as heads-up play starts.

Jason puts up a good fight --- he and Andy cagily trade small pots back and forth for quite a few hands, somewhere between 20 and 30. It finally ends when Jason pushes an A-5 into Andy's J-J, and a third J hits on the flop. Tourney over! Congrats to apwine on taking down KAP Online League Event #5, for a whoppin' big $60 first prize! Now that's a fun time.

As for you, dear reader, show up and have some fun. The KAP gang is good peoples, and all "donk" references are made in lighthearted fun.

Double Bubble ... Well Worth the Trouble

There's an old adage that no one remembers the runnerup, only the champion. In poker it's not always true, though the champion always gets the lion's share of the money, if not the fame. But if no one remembers the runnerup, how about the poor sap on the bubble?

Pictured to the right is Carl Ygborn, then 25, of Sweden, as he made his exit in 561st place from last year's WSOP main event. As captured on ESPN's coverage and elsewhere, Ygborn was the official "bubble boy" of the event, presumably getting nothing for his deepest of all non-cashing runs while everyone ahead of him made the money. Of course, Harrah's soon announced that Ygborn would be receiving a free entry into this year's tournament as a consolation prize --- meaning that it was the 562nd-place finisher who really got the shaft.

I bring it up here because of the announcement that Bluff Magazine, in association with, will be offering "bubble insurance" to as many as five just-out-of-the-money finishers in this year's main event. Last year some 350 ME participants took advantage of the Bluff offer, though it doesn't seem as though Ygborn or other near-missers last year were lucky enough to "win" in this promotion last year. Nonetheless, it brings up an interesting situation: if one scoped out all the available promotional opportunities, it might be far more profitable for an extremely short-stacked player to try to be the magic "bubble boy" out then to survive and make the money in the more traditional way.

Bluff's offer is that anyone wearing their branded "bubble insurance" shirt who is among the last five players eliminated before the bubble bursts, receives a free entry into the following year's (2007) main event. Bluff also adds that the top six "bubble insurance" finishers --- overall, not pre-bubble --- will also receive an $8,000 free entry into MansionPoker's "Poker Dome" events, those real-life "turbo" tourneys we mentioned here some time ago.

And the promotional wheel spins. Note that I've conveniently overlooked the fact that in order to take full advantage of all the promotional gimmicks available to this year's WSOP entrants, one would need to wear about six shirts and make the logos of all appear at the same time. NASCAR, anyone?

* * * * * * * * * * * * * * * * * * * * * * * * * * * *

My blog is worth $11,290.80.
How much is your blog worth?

Tucked in at the bottom here --- because it's just not worth a post of its own, is our info from the "How Much is Your Blog Worth?" site. You can see the number --- the blog is worth roughly $11,150 more than my poker game. And all I need to do to increase the difference is type in something meaningless here, like "XXX Asian Porn."

Six digits, baby. Guaranteed.

Monday, May 22, 2006

Poker Laws Again: The Feds, The States, and the Outside Looking In

As promised, we're returning to the topic of recent anti-online gaming legislation, if just for a short bit. Reaction from Washington-based players about to be impacted by that state's lobby-compromised legislators --- if one believes the tales --- is about what one would expect: the word of the day seems to be "disgust." On a similar note, national legislators continue to perform one of the biggest head-in-the-sand routines in recent memory, defying the rulings of the World Trade Organization [WTO], and proving again to the world that we do have our fair share of imperialistic idiots.

In fact, Sen. Bob Goodlatte (R-VA) served up one of the most incredulous comments in recent history when he uttered the following: "Virtual betting parlors have attempted to avoid the application of United States law by locating themselves offshore and out of our jurisdictional reach." Last time I checked, something like 95% of the world's population resides outside the U.S. borders, yet Goodlatte and his ilk somehow maintain the belief that all other countries must be subservient to U.S. special interests, and that all "offshore" companies dealing with the U.S. are really just American ex-patriots on the dodge from American law. Which makes three possible categories of "foreigners" now extant, along with international terrorists/drug dealers and all those starving babies in the UNICEF and Christian Children's Fund commercials.

No wonder people hate us.

I needed a good quote for this piece, so my first thought was to give a call to a Congressman I know, one Rep. James Nussle, a Republican from Iowa who's also now running for governor of that fine state. (That really is a Nussle photo to the right... with appropriate embelleshments.) There are some interesting issues regarding the differences in the approaches that state and federal legislative bides are pursuing as they seek to tax regulate online gaming, and someone who's moving from one venue to the other would be a wonderful source. How and why I know Jim is a matter for another tale --- if not part of a book --- but let's just say that Jim comes from the same cut-o'-the-cloth as Goodlatte and others. Nussle, for his part, is the original Newt Gingrich "paper bag" Republican, and even introduced a comely young intern to Gingrich who at a later point became Mrs. Gingrich. The intern, along with Nussle and yours truly, are all graduates of the same small Midwestern school.

I bring it up because I would swear on a stack of bibles to this: At one time, James Nussle was an unrepentant poker player of the first order. This is first-person knowledge, not hearsay. Therefore, the logic goes, were a pol such as Nussle to align himself with the Goodlatte bloc, it would mean that he subscribes to politics as usual --- that being the normal "Golden Rule" cash-driven politics that mark modern America.

Ahh, but Jimmy's the consummate pol... and he never disappoints my expectations. He would know that I know that his past (at least on this specific matter) doesn't jive well with the legislative morality that often defines his modern right. Therefore, as expected, his office declined to comment.

I'm such a dirt digger.

But left unresolved was a measure of the immediacy of all these legislative actions: Which is the greater threat to the online game, the federal or the state efforts? So I called one of the best and most knowledgable sources of all, poker author Lou Krieger, who's been at the forefront of the reporting and editorializing on these topics on the national scene. That Lou is also a frequent reader of this site is greatly appreciated.

While my gut reaction is to fear the state efforts to a greater degree, Lou was able to show why I was mixing my metaphorical apples and oranges on the topic. It's a macro-vs.-micro thing, it seems. As Lou put it, "When it comes to the business, capital formation, the creation of jobs, growth in equities and stock valuations and the like, then the federal efforts are the greater issue." And on the flip side, "As to laws being harmful to people playing [online] poker, to Joe Individual on the micro level, then the state actions can be important, particularly when state and local authorities go after individual online gamblers to make examples of them."

Well summarized, Lou... and thanks for the impromptu quote. It clarifies for me how the perception of the issue changes depending on the point of view, and it highlights just how nonsensical Goodlatte's crusade is, upon deeper examination. While he may rally the tax-grab crowd to his "cause," the fact is that Goodlatte's view of a proper Internet resembles that tried by Mainland China a few years back.

That Goodlatte's law would screw the American economy out of billions at a time we really need it is, simply, not a factor to be considered. As Lou pointed out, "Goodlatte's legislation will vaporize any revenues that may have come from a well-regulated program of online gaming. Moreover, Goodlatte is himself disingenuous because his legislation carves out exemptions for wagering on horseracing and in fantasy sports leagues."

I couldn't agree more. Wait... isn't Virginia a big horse-racing state? They have only one track, but it's definitely a hotbed of breeders and countrified estates, along with being the polo headquarters of America. Given that, I'd hate to think that partisan politics are sullying the high morals of --- *sigh* --- yet another Congressman.

Moving right along to some other views on the topic.

One of my favorite off-the-beaten-track poker blogs, mentioned here once before, is British blogger David John's White Belt Poker. John's blog captures and adds commentary to much of the British "news" on poker and gambling, much as Dave Schwartz's excellent Die is Cast: Thoughts on a World of Chance does on happenings here in the States. White Belt Poker highlighted a recent article from Great Britian's The Register, which often features gambling-related news. Recently, John served up a link to this dilly, entitled "Illegal Internet Gambling Soars in the US."

The Register article is an exceptional example of lazy journalism, merely rehashing another section of the oft-quoted release from the American Gaming Association reporting on the house-sponsored survey conducted on the AGA's behalf by Peter D. Hart Research Associates. The very first sentence of the Register report tells you where this one is going: "Just 19 per cent of US internet gamblers realise – or are willing to admit – that the activity is currently illegal..."

Well, that sentence is taken verbatim from the AGA release, but its regurgitation by the Register overlooks the obvious: The AGA is the newsy mouthpiece of the brick-and-mortar industry here in the States. As such, the AGA can hardly be expected to take up the banner of offshore poker sites, despite the fact that it recently called for a one-year study of online gaming in general.

I have issues with judging a person or a group guilty before all the facts are in, and I have even greater issues with so-called "journalists" that are too damn lazy to check their sources' motivations. If you haven't read Allyn Jaffrey Shulman's excellent, legally strong analysis of the issue for Card Player Magazine, then please take the time. What you will discover is that the legality of online poker is very much a grey area at the present time --- "the willing to admit [] that the activity is currently illegal" line as spouted by the AGA is at its best debatable, at its worst a deep and sticky pile o' poo.

But I don't fault the AGA for their predictable spin attempt, which falls into the "Demonize the Opposition" category. I fault the Register for being the dolts that they are and running this one without checking the facts. Even funnier is that as a UK-based enterprise, the Register should have a vested interest in UK-based online gaming companies... in this instance, the exact opposite of the purpose served by the piece that they ran.

Maybe they were paid off to run the piece, but that's unlikely. One of the variants of Hanlon's Razor is this: "Never attribute to malice that which can be adequately explained by stupidity." That seems a Register-sized pigeonhole, if there ever was one.

Concerning the AGA, online interests would be well-served to mind another famous line, and whether it comes from the historical (Sun-Tzu in The Art of War) or modern (Michael Corleone in "The Godfather"), its meaning is clear: "Keep your friends close, but keep your enemies closer." Online gaming interests trusting to the support and good intents of the AGA are likely to be disappointed if they need support from that organization at a crucial future point.

If they don't, they may end up looking as vacuous and lazy as the Register.

Friday, May 19, 2006

Kickin' and Grinnin'...

... in the Kick Ass Poker blog this week. Our run of online security issues connected to poker continued this week, with not one but two stories at or near the front of the coverage about's trojan-infested poker add-on, RBCalc. Nasty stuff. Your blogger also had a wonderful time exposing the workings of one of those online poker scams, in this case a ridiculous fraud of a program called Card Swap Pro. One can't always choose what's in the news; one can only try to find items that are both distinctive and entertaining. That's why (to your blogger's great relief) the week wrapped up with an advance release for a summer poker program that looks to be every bit as dreadful as "Annie Duke Takes on the World," but this new program is an offshoot of the WPT.

"WPT Lite" Set for July Debut on Travel Channel

Too much of that security-related stuff, as found in several recent posts, makes for an overly stuffy blog, so it was high time for something "Lite"-er to appear on our screens.

Thank you, World Poker Tour, for answering the call. I was off on one of those web-scraping sojourns, looking for unusual poker content, when I stumbled across the following release over at Poker Gazette. "Professional Poker Tour Selects Poker Pro and Hollywood Personality as Hosts," the release screams, and indeed, the text body proclaims the upcoming debut of the WPT's distinctively named "Professional Poker Tour."

It looks like the WPT is pulling out all the stops for this one; after all, with a lawyer-turned-card-shark (Mark Seif) and an actor whose most significant role is as a recurring guest character in "The Shield" (Matt Corboy) as hosts, I'll be reserving one night a week for this... maybe two or three if I transform into a foaming TIVO addict. One thing's for sure: With a reconstituted attorney doing the play-by-play part of the broadcast, dead air should not be a problem.

--- photo sources, World Poker Tour

The above is the "hosts" publicity shot for the show --- anyone else think it's a bit cheesy? For the life of me, it looks like an outtake from ESPN's "Dream Job," the awful show that weeded through a pack of uninspiring sportscaster wannabes.

This looks to be some fun-nee stuff in the making --- the WPT honchos haven't even named the requisite eye candy as of this report. Perhaps the new WPT hostess, Sabina Gadecki (right), was supposed to have this gig until Courtney Friel's sudden departure. (And a thank-you to dedicated reader "Anonymous" for indirectly pointing out that I had a Friel shot in there instead of a Gadecki one --- I grabbed the wrong photo. Oy and vey, one each.) And about the format of play, why, the press release couldn't be any clearer:

"The action-packed PPT series will showcase poker's 250 leading stars in a new and exciting format, destined to ratchet up televised poker to a whole new level. The PPT will bring to TV viewers the cream of the crop -- 250 of the world's top poker players, culled from thousands who aspire to the first rank. With its PPT Qualification System, the PROFESSIONAL POKER TOUR has ensured the highest level of play at each and every tournament. The first season of jam-packed action will stretch over 24 weeks, spotlighting a stellar lineup of poker's All-Stars – champions from the WPT, The World Series of Poker, and European poker tournaments."

Okay, that's a "To Be Determined" if I ever read one.

One wonders, though, about the ranking specifications within that "PPT Qualification System" mentioned above. Does the 250-player list automatically eliminate from contention the growing number of big-namers who won't have anything to do with the WPT, due to the WPT's overzealous pursuit of universal/irrevocable rights? Does the list of 250 have any correlation to tournament performance outside the WPT, or is it the WPT/PPT version of an Elk's Club membership drive? Maybe the WPT will have sponsor exemptions, like golf tournaments.

Again, this looks to be a no-stops, no-expenses-spared venture. Howe else can one explain that the home page for the program doesn't even list the debut date? (It's July 5th, according to the release, surely a night when millions of undecided viewers will be flocking to their sets.) And I want to beg for action from the hyperbole police when I read dreck like this:

"The PPT will take you around the country to five of the most prestigious casinos in the world."

The rest of the promotional blurbage is every bit as funny. So thank you again, WPT; we all needed a hearty belly laugh. WPT Lite, indeed.

Thursday, May 18, 2006

A Followup Q & A on the RBCalc Trojan

Lingering issues on the "rootkit" trojan discovered to be lurking within's popular add-on application, RBCalc, prompted us to do a little more digging into the matter. There were several questions left unanswered in the information offered by both and the Finnish Internet-security firm that discovered the virus, F-Secure. While it will likely be some some time --- if ever --- before all the questions are answered, we've assembled a quick Q & A for some of the most obvious thoughts on poker players' minds.

1) Who is this F-Secure? Are they some sort of fly-by-night operation trying to make a quick buck?

--- We all remember that not long ago, was the attempted victim of an electronic shakedown by Securident. However, F-Secure and Securident are, in more ways than one, worlds apart... and the answer to the question above is an emphatic "No." Helsinki, Finland-based F-Secure, recently voted one of "Europe's 50 Hottest Tech Firms," is a growing and very legitimate player in online security. They have offices in several industrialized countries (including the U.S.), and their corporate-customer base already includes these stalwarts: IBM, Cisco, Honda, Siemens AG, Cap Gemini, Barclays Bank, Tesco, Deutsche Telekom, Ernst & Young, and Sonera. Truly, F-Secure is not three guys in a boilerroom zapping out the code version of a 1-800-Call-Mee porn site.

2) Is F-Secure trying to make a buck off their discovery?

--- Oh, definitely, but we'll come back to this one in a bit.

3)'s site says this: "The virus goes undetected by Norton AntiVirus and Microsoft Defender, even to this day. This is why we never noticed it until a 3rd party contacted us about the malicious software." Is this true?

--- Yes and no. It was true in the narrowest sense at the time it was written, but things have already changed. We contacted Phil Weiler of Symantec's media-relations team about the allegation, and Mr. Weiler immediately referred us to the relevant Symantec/Norton Antivirus press release on the matter, which you can access here. The virus, which Symantec has dubbed "trojan.checkraised," is a slightly modified version of an earlier backdoor "rootkit" trojan tagged as "trojan.dropper," named for the trojan's methods of dropping the malware executables into place through the "rootkit" driver. If you are running Norton Antivirus with active updates, the specific fix for this virus was created late on May 16th. Any update on May 17th or later protects you against the trojan.checkraised bug.

The difference seems to be in the way F-Secure and Symantec (Norton) detect these trojans; in this instance, F-Secure's "exclusive BlackLight technology" seems to be picking up on a defining feature of the "rootkit" family that allowed this virus to be detected; Symantec, on the other hand, had previously protected against the trojan's early versions, as shown in this March, 2005 update.

Looked at another way, the F-Secure find was proactive, the Symantec followup reactive, but Symantec reacts so quickly that damage is likely only if you're one of the unfortunate first few to be infected, at least once the bug has been discovered. For trojan.checkraised, Symantec released their own fix within a day of their learning of the bug. Remember that this is essentially how Norton Antivirus works: it is at its a core a massive library of known computer viruses, along with the methods for removing them. It is not a method of uncovering unknown viruses.

As for F-Secure, the fact that they do seem to be able to detect this family of related "rootkit" attacks, based on some unspecified generality they seem to share, is exactly the upselling point the firm makes it out to be. It's a good selling point. On the flip side, unless you're one of those unfortunate early few, it doesn't matter whether F-Secure or Symantec uncovered the thing; you'll be protected from it at about the same time. Excepting the hacker who wrote it, no one knew about the trojan before May 16th, when F-Secure uncovered it, and by the following day the text about it being undetectable by Norton Antivirus was no longer true.

While the full impact of the virus has yet to be determined, the trojan.checkraised attack does not seem to be widespread. From the initial report on the bug from Symantec:

It is not considered a widespread nor serious threat, though this is of small comfort if you were in that first handful of players to try RBCalc.

4) Will I be protected against similar attacks in the future?

--- A much dicier question. Since Norton Antivirus accumulates responses to known bugs, any new variant would remain undetected until uncovered by another of that market's players. This is not a comforting thought, given that this avenue of vulnerability has now been exposed to all those Russian hackerz drooling at the thought of accessing the tens of billions wagered over the Internet in the form of online gaming.

5) Will we ever learn the identity of the "contract programmer" responsible for implanting the bug into's application?

--- Iffy. is not exactly PartyGaming, Symantec or F-Secure, and while their quick killing of the infected product is well and good, it doesn't do much to foster trust in future offerings. may be planning legal action against the mysterious person or persons who did this contract programming on their behalf, though if any user actually did lose funds through the illicit operation of the virus, they'd be hard-presssed to go after I didn't run the stuff, so this is only conjecture, yet software of the RBCalc sort invariably comes with the "As Is" type of non-liability disclaimer that basically says, "Here 'Tis; You're on Your Own." Still, has everything to gain by going public with as much information as possible in this matter, as much as to restore their own reputation as anything else... and they everything to lose if they play it too close to the vest. If does offer more information, we will report it.

A half-witty aside to wrap up this post? How about this: With the naming of this new trojan variant, at least has achieved a different sort of immortality.

Tuesday, May 16, 2006

Trojan-Laden Files Mean the End of RBCalc Rakeback Calculator

As mentioned before, some topics seem to run in streaks. For the past few days a number of online and security issues have jumped to the fore, with the latest being the discovery by online security firm F-Secure on May 10th that one of the most popular rake-calculator programs on the web, RBCalc, was actually a "rootkit" program housing four executable trojan files that collected logon and password information for many of the biggest poker sites on the Web.

The KAP Blog first became aware of this issue yesterday when Wil Wheaton posted about it in a column over at Card Squad, containing most of the pertinent information and links to releases from both F-Secure and, the site that initially released the application. One of the four trojan files was a spying application designed to monitor the activities of the following poker-client files:

  • PartyGaming.exe
  • mppoker.exe
  • poker.exe
  • gameclient.exe
  • ultimatebet.exe
  • absolutepoker.exe
  • mainclient.exe
  • pokerstars.exe
  • pokerstarsupdate.exe
  • partypoker.exe
  • fulltiltpoker.exe
  • pokernow.exe
  • multipoker.exe
  • empirepoker.exe
  • eurobetpoker.exe

The trojan component that served as a keylogger and captured i.d. and password information was designed to work with the following sites:

  • CEPoker
  • partypoker
  • pokernow
  • MultiPoker
  • Empirepoker

Two more elements deserve repeat mention. The first is that, the site issuing the offending program (RBCalc), has stopped all work associated with the application, effective immediately. They have replaced most or all off their RBCalc pages with an explanation of how the trojan implantation likely occurred --- they blame an unnamed contract programmer who they hired specifically for this job. (Please visit this page if you have ever used RBCalc, for specific trojan-removal instructions.) Obviously, any trackback concerning this unknown programmer is something that merits further tracking, to see what other industry-links and untoward applications exist, though stresses that its other applications --- Rake Tracker, Your Poker Cash, and Check Raised --- remain secure and unaffected.

The second element is rather more worrisome: the claim by F-Secure that the type of "toolkit" trojan methodology used in this malicious code remains undetectable by major anti-virus players Symantec, McAfee and others, due to the specific nature of the attack used. However, the trojan was also programmed to shut down if certain third-party applications such as Zone Alarm were operating. We'll have to wait and see how much of this is an upsell by F-Secure (and their exclusive "rootkit detection technology, Blacklight"), and how much is a real hole in the process that these other major security-software vendors offer. F-Secure has a demo version that I may just give a trial run...

If there's a moral to any of this, it's that the more "off the beaten path" and specialized the software, the more likely it is that it's doing something more or different than you think. Step carefully out there.

Thanks also go to Lou Krieger for sending along additional information on this story.

Monday, May 15, 2006

This Poker Software Scam is a Real "Hardy Boys" Mystery

Here's the classic way to get a new hole card:

--- from Cassius M. Coolidge's "A Friend in Need," part of the 1903 "Dogs Playing Poker" series

Scammers have it easy in these Internet-driven times. Not only do have they the world as their potential market, but they also have the world as a potential publicity tool, as well. Such is the nature of the web, that a site's success is measured by views and click-throughs, rather than the quality of whatever is being viewed or clicked.

With the proliferation of poker sites, many driven by these same economics, it's a smorgasboard of opportunity for certain poker-themed scam artists. And if it doesn't work once, they can just try it again. Even many of the news-driven sites are nothing more than glorified link farms. Contrast them against the original, quality content you'll find at a site such as the mothership, and you can see that these venues do nothing more than rehash whatever drivel and pap they can find, the better to justify their own existence.

Sites like these are avenues of opportunity for even the most pathetic of scammers, and one of these sites, Poker News Hub, gets a nice juicy raspberry here for their laziness; in their efforts to create links and generate page views, they'll throw any "news" release that mentions the word "poker" into their site, motive of the issuing party be damned. Poker News Hub and its ilk are a dime-a-dozen, necessary-evil type of thing; most of what's here is garbage, but the standard for inclusion here is so low --- or rather, non-existent --- that it's a site ripe for both exploitation and the monitoring of same. There's a quote from a famous science-fiction author that's applicable here; unfortunately, I can't remember the precise author --- it might have been Philip K. Dick --- or the exact wording of the quote. It's something like: "A cow is that object occupying the space which would otherwise be occupied by another cow." If Poker News Hub wasn't there, some other vapid poker mindlessness would occupy the same spot.

Yet PNH is the receptacle, not the disease; our main tale concerns a poker-software scammer just barely savvy enough to figure out a way to publicize his warez, and PNH is here because they seem to be the only one stupid enough to air it to date.

Volunteering as Stupido #2: Your faithful blogger. If only because I enjoy wandering into seedy tenements with a flashlight to watch the cockroaches skitter for the cracks. Therefore, let's shine a light on one of the most recent poker scamroaches to grace the scene...

A few days ago, PNH served up a press release titled as follows: "Poker Cheat Software Corrupting the Honest Player," which they dutifully pulled in from PRWeb, one of those publicity sites where anyone can type in a press release, tag it with a few keyword identifiers, and send it off into the world. The "release" starts off with the di riguer italicized deck...: "The arrival of online poker cheating has changed the way we play forever. But software, card predictors and other nefarious tools are giving some players an unbeatable advantage."

Let's continue into the body of the release:

"Los Angeles,CA (PRWEB) May 10, 2006 - Adam Hardy and his brother Douglas are not surprised. Arguably the foremost leaders in poker software testing, The Hardys’ have taken on a very personal mission to see if there is a mechanical 'edge' that can be gained using software in the ever popular online poker world.

"'Online poker has exploded,' say's Adam in his recent blog. He points out the fact that there are literally hundreds of offers of so-called miracle products that guarantee consistent wins at the tables."

Alright, who the hell is "Adam Hardy and his brother Douglas"? And who beside the person doing the writing of this is arguing that they are "the foremost leaders in poker software testing"? Do a Google search for "'Adam Hardy' + poker," and you'll find nothing except a few threads leading right back to this release.

But you will find the something else if you do that search, an almost identical PRWeb release dating from March 27th:

"The arrival of pokerbot technology has changed the way we play online poker forever. Bot software is giving some players an unbeatable advantage.

"Los Angeles,CA (PRWEB) March 27 2006 - Adam Hardy has tried them all. Arguably the foremost leader in poker software testing, Mr. Hardy has taken on a personal mission to see if there is a mechanical 'edge' that can be gained using software in the ever popular online poker world.

"'Online poker has exploded', say's Adam in his recent blog. He points out the fact that there are literally hundreds of offers of so-called miracle products that guarantee consistent wins at the tables."

Looks like Adam rewrote himself into having a brother between the end of March and mid-May, since no one picked up the release the first time around. (Well, not really: "Douglas" was listed as the contact for the first release.) But bear with me, readers, for this one just gets funnier and funnier. Let's move down in the press release --- either one --- to the next gem:

"'Poker bots and the like can potentially change an online poker players income dramatically,'" [according to "Hardy"]. "Without confirmation if the Hardy brothers use cheat software themselves, he adds 'It’s absolutely insane out there, there is even a brand new product hitting the net that actually lets you change your starting hole cards.'"

My! Being the curious type, I decided to check out the blog mentioned earlier, though this thing even gives blogs a bad name. The blog contains five entries total, two presumably from April 18 and another three from April 20. Interesting, indeed, considering the March 27 version of the press release quotes the same damn blog, yet there's no archive of anything prior to that 3/27 date. Just as a guess, I'd say that "Hardy" deleted and re-posted the entries that you can currently see by checking out that blog.

Now why would he do such a thing? Maybe the most recent of the posts could explain it. Titled "New Poker Cheat Software Changes Hole Cards," it contains, among other wondrosities, the following dreck:

"Someone tipped me off on the latest product that's just now starting to circulate the net. It's software that gives you the god-like power to switch your hole cards.

"Basically meaning you can give yourself pocket aces everytime. Absolutely insane. I don't know how long online casinos can survive when more and more of these cheating products keep coming out.

"I also have no idea how long a product like this can last before it's forced off the web.

"For those brave enough, or for just the plain curious you can try out a free demo here."

And of course, that's linked to the site where one could purchase the software, over at this lovely site:

Oh, wait, haven't I seen this routine in every lame informercial since the advent of cable TV? The ol' "disbeliever becomes the apostolic sycophant" curveball? Geez, even the Magic Bullet dreck does that one better.

But seriously, a product that changes the hole cards and supercedes the 256-bit encryption that marks the Party Poker random-card-generator engine that's mentioned in the ad? Silly. But while you're at if, if you do buy the software and use it, I'd recommend changing your hole cards to say, the ace of spades and another ace of spades. That way, if your opponent has one, too, there'll be three of them in play.

Pardon me while I gasp for breath. Here's one of the lovely scenes from the "demo":

All the program is doing is swapping the card images from the library where those are stored on your computer, when you originally installed the Party Poker client. Nothing more. This rather neatly explains the clause elsewhere on the scam sight that tells you that on occasion you cards will be switched back to their "original" content.

I never had a doubt on that one, either.

If you haven't figured out that "Adam/Douglas Hardy" and the "John Desmore" that owns the CardSwapPro website (and a duplicate web site, CardswapElite are one and the same, then I've got a 12-pack of Pokerbot Pro packages with your name on them. Both the press releases and the domain for the CardSwapPro site emanate from Los Angeles, though we can presume that the names and addresses are fictitious:

Domain Name:

Registrant Contact:
John Desmore
Card Swap Elite
122 BushHill Rd. Apt #204
Los Angeles, CA 4507

Administrative Contact: (same)

Technical Contact: (same)

Billing Contact: (same)

Record created on 2006-03-18 13:54:10.
Record expires on 2007-03-18 13:54:10.

Note that the record was created on March 18th, just days before the first version of the press release that none of the poker-newsie sites picked up on. (Another coincidence, certainly.) Also note that there seems to be some connection between this scammer and the David Glazen/Ken Chan persona that's behind Pokerbot Pro, and you can read a little bit more about that one here. Your blogger offers no opinion on whether any of the names mentioned in these releases are genuine; rather, we're only relaying identity information found elsewhere on the web. As with other forms of scanning and spamming, this type of identity obfuscation is par for the course.

One opinion is offered here with certainty, however: CardSwapPro/CardSwapElite is a scam of the first order. Not only does it not work, it's not supposed to work; a quick glance at the disclaimer says volumes more about the software and its author/seller than any artificial claim ever could.

Sunday, May 14, 2006

Another Ass-Kickin' Week...

... in the Kick Ass Poker Blog, offering some of the most distinctive poker content on the Web. The security issues connected to online play made our blog twice this week, once with the implementation of a new anti-bot measure by Party Poker, and again with the examination of a slightly fishy press release that may or may not be what it seems. We also learned that Pacific Poker and its parent company were added to various Net-watchdog "rogue" lists for uncorrected spamming and content-theft issues, and made one of our occasional ventures over into "Strategy Corner" for a look at a generally understood but seldom discussed aspect of the proper time to imitate a rock in super-satellite play.

By the way, we've got some wonderful content coming in the next few days. Check back soon!

Guarding the Seat: Being Conservative in Satellite Tourneys

Satellites, super-satellites, super-super-satellites... you get the idea. With the WSOP fast approaching, virtually every site has its own play-your-way-in structure of small-buy-in events, with the lucky winners moving every higher on the period in an attempt to leverage their way into a Las Vegas trip, much as Chris Moneymaker did when he parlayed that $30 buy-in at Poker Stars into a $2.5 million payday back in 2003. However, it takes repeat success to move up the ladder in this fashion, and it really is a case of capturing lightning in a bottle.

Still, dreams are cheap, and that's part of the fun.

But the frequency of these events right now and a recent fun time by me over in a like-structured in's Blogger Poker Tour allows for the examination of this topic in an unusual way. When you're in an event where only one person moves on, then you play to win. But what's the right strategy when say, 30 people out of 1,000 entrants win the right to move on to the next step on the ladder?

The answer is that aggressive play is needed only to a certain point; in certain circumstances the ultra-rock perspective is the hands-down best bet. Simple enough. Most players monitor the leaderboard in large-field supers, such as the freeroll WSOP tourneys over at Full Tilt. During play it's easy to see the compressed nature of the stacks, and most people have a general feel for the right play. There's just no need to keep pushing hard if you've been fortunate enough to amass a huge early stack. But at what point do you hit the brakes?

While there's no one-size-fits-all answer, due to variations in the escalations of blinds and antes, there are some general guidelines one can use in large-field satellites of this nature. Start by using the formula that will show you the average [mean] chip stack at the point the bubble bursts, but set it up in this manner:

(# of players) * (Starting chips) / (# of seats awarded) = Avg. stack

In this example, let's say that 1,200 players start the tourney with 1,000 chips each, and the last 30 players will win seats to the next higher tourney on the ladder --- perhaps the final. So our formula becomes:

1200 * 1000 / 30 = 40,000

When the bubble bursts, the mean chip stack will be about 40,000 --- and most of the sites that offer this statistic show this figure at the moment it occurs. 40,000 chips sounds nice, and in fact, chances are the dropoff point in the field just prior to the bubble bursting would be down around 20,000, perhaps less; the short-stacked stragglers tend to thin out below 50% of the mean stack in these circumstances.

But the bubble point itself isn't the question; gauging your progress in the rare instance you make a huge early push is.

Rather than the by-guess-and-by-gosh method, simply use a "two times, three times" approach. If you're able to get your stack up to "two times" the number that will be the average stack at the bubble, or in this case, 80,000 chips (2 x 40,000), then rock-like play is called for, contrary to the approach used in most other tournaments. Play your monster pairs and suited slick, and don't worry about too much else unless the pot offers you enormous odds on a cheap knockout. And if you get to the "three times" level, then consider that "auto-fold" button for the remainder of the tourney. You have no responsibility to the other players to knock out the shortest stacks on their behalf --- the same number of the remaining players are going to join you in the next tourney, whomever they happen to be. The worst thing you can do is to speculate on a coin-toss situation when you have no reason to be in the hand in the first place.

Put in on cruise control; pack it in. Trust that the ever-increasing blinds will force the confrontations that will continue to winnow the field... they always do. After all, you've got your seat already.

Thursday, May 11, 2006

A Classic Catch-22:

Digging through the overload of bad-beat and hand-history dross that marks most online poker wordage, I stumbled into an interesting link courtesy of Online Poker News. This one appeared for a few hours in the "Breaking News" flowing banner, located top-'n'-center on OPN's home page. But breaking in what way? Not only was the banner originally linking to the press release no longer there when I returned a few hours later to research the topic; the press release itself was nowhere to be found.

I lo-o-o-oves me a mystery. Hot diggity! Even though this is likely a case of just a dropped link over at OPN, it's interesting that it involved one of the most curious of recent poker news releases --- curious for an entirely separate reason.

Or maybe not. Maybe Online Poker News gave a little bit more thought to the meaning behind this mystery release, as we will here, and decided to pull the thing until more information could be determined.

The release involved an announcement from, proclaiming the availability of a freeware program designed not only to block trojans purportedly incorporated within some sites' poker-client packages, but to offer all kinds of anti-cheating functionality for use on a few of the largest sites. "100% Protection from online Poker Cheaters!" the site proclaims. It then goes on to tout the ability of this freeware package's software to help "expose poker teams," track "pro's [SIC] who win Large % of games," and of course, to install a special firewall to prevent the online site's software from doing things other than it's supposed to. The site also says that "we monitor [read: data-mine] all the top online poker rooms..."

Well, not all top online poker rooms, by most definitions, though the sites included here as being monitored are Party, Pacific, Full Tilt and Empire. Whether the Empire inclusion is pre- or post-split with Party is unclear.

(As an aside, someday we'll explore the whole "Party Poker Trojan" situation in detail, but that's a topic for another post. Suffice it for now to say that if Party Poker is using a trojan at this time, it's on the mild end of such malignancies.)

The point of this whole post, to misquote the line from Ghostbusters, is, "Who you gonna trust?" On one side we have a publicly-traded company with a market valuation in the tens of billions, and on the other a self-publishing techie who may be doing this for... whatever reason?? As the site says (SIC warning intact): "Some of the best organized gangs and scam artisit in the world have started attacking online poker rooms using trojans and virus's. The industry is just moving to fast to keep up with this kind of effort."

And phishing attempts come in all shapes and forms, and the moon is indeed made of blue cheese. I think this truism is the likely explanation for the disapperance of the link from OPN. This software, pure or not, just needs further checking.

Given that any program that can detect and block trojans and other viruses must, by definition, have some sort of trojan/virus functionality itself, the last thing I'm going to do is install this guy's package, at least until it's been verified as legitimate by a reputable third party. "This guy," it turns out, is an Illinoisian named Larry Brunken, who does have some previous credits in the freeware and RSS/XML areas. He might also be the same Larry Brunken who won a brand new Phillips HDTV through an adult-site sponsored giveaway --- compound web searches being such a weird and enabling thing.

Ooops. Sorry about that, Larry.

There's a classic Catch-22 here: Think about all those hundreds of thousands of players in this site's database, and note that another function of this software is to store and re-display your own hole cards for reference. Now, what if the cheaters were the ones behind the software? (I'm not saying they are, I'm saying what if.) Why, they'd have access to your hole cards, could hunt you down at your tables as you play, and since this software is relaying information from a private database on the fly, it would block the screen names of the people accessing that information. In other words, this software opens you up to exactly the type of third-party access that its author is trying to get you paranoid about in the first place.

There's even a demo on the site, showing how one can set up the software's firewall and supercede the controls of a site such as Party; the "Poker BodyGuard" logo here is screen-grabbed from that portion of the demo.

It's not a bad site, visually, though the grammar found here is a notch worse than that found in, say, an '80s-vintage Konami arcade game. Dreadful, in other words. and some of the claims seem outlandish, such as this:

"Some programs allow one person to login to many accounts at a poker room without any trouble. These user WILL not be detected by the poker rooms but will be caught by PokerBodyGuard."

Exactly how, pray tell? What secrets of the world does our heart-of-gold Illinoisian possess that the combined resources of an online industry can't figure out?

I'm not saying that this software doesn't do what it says it does, with purity and cleanliness all around. I just know that this is something I won't be the first to try.

But let me know if you do. I've got to admit I'm curious.

Party Poker Makes Bots Go "BUTSO" with CAPTCHA Pop-Ups

A day or so ago, your blogger happened across a funny, yet intriguing, post at 9-2 Offsuit. Funny because... well, you can see why, and intriguing, because it's another facet of the counter-measures against poker "bots" that we seldom get to see.

The pop-up pictured here features what is called "CAPTCHA" technology --- CAPTCHA being one of those things that we encounter every day but, for the most part, don't know what it's called. Go look it up at Wikipedia if you want to know what the acronym stands for. The image was first posted over on the 2+2 discussion forums, where such topics are often discussed. But, all the subsequent comments about going "Busto" aside, it's an interesting spotlight into the current state of bot-detection efforts.

Based on the information in various posts, the pop-up occurs for certain multi-tablers after a minimum of two hours of play, and the distorted, random-generated letters must be input by the player within 120 seconds, or else that player is made to sit out.

Clever enough. Your blogger e-mailed Party about when the upgrade to the detection software was put into place; I didn't expect an answer... and I wasn't disappointed. Moot point, anyhow. But since such a pop-up is a neat, elegant solution to the type of poker-bot runner epitomized in some of the "sky is falling" articles that have appeared on the topic, the question is this: Why hasn't a major site implemented something like this before?

The logical explanation is that, to date, the proverbial bark has exceeded the bite --- the implementation of effective poker-playing bots has been both overestimated and overrated. I find that reassuring. In fact, this can be seen as a preventive measure as much as anything, more an indication of goodwill and planning than a knee-jerk reaction to something already out of control. Because why? Because a fix like this is so commonplace; it's just not that big a deal to implement in the overall scheme of online-poker software. Since it is so commonplace, it means that the underlying impetus couldn't have been out of control for any length of time, if ever.

While there certainly are poker bots in use, their impact is likely smaller than the doomsayers would have us believe. Yes, there are cheaters out there, but bot-players are one of the cheating methods least likely to be effective to any real extent. They'd rank (at best) at #3, behind multi-accounters and IM/phone collaborators, certainly the two areas where the online game suffers most.

With the "bot" menace now properly sized, perhaps those proclaiming their use and proliferation will just return to their normal "online poker is rigged" meanderings.

It's doubtful... but one can always hope.

Tuesday, May 09, 2006

Pacific Poker, and Spam... Who Woulda Thunk It?

From the "So This is News?" department comes a piece today courtesy of the folks over at, one of the more poker-newsworthy destinations on the web. The release isn't so much an original reporting as it is a relaying of news from yet another source, InfoPowa News, confirming what anyone who's been around the poker world already knew: Cassava Enterprises, parent company of Casino-on-Net ( and Pacific Poker, is an unrepentant, long-term, pervasive spammer.

Here's a "Thank you, Captain Obvious!" --- just because your blogger's in a smarmy mood this evening. My collection of spams from the upstanding citizens at Cassava dates from (I believe) 2003, and is one of the reasons I quit playing at Pacific --- that and the crappy software and the ridiculous slow payouts --- those take five business days so they can sit on your money a little longer and grab a little bit more float-generated interest... courtesy of you.

By the way, Cassava has also been cited in the InfoPowa report as being one of the leading blog spammers; Cassava, true to form, remains consistent in their belief that the best advertising is that done on other people's dimes.

According to the initial article, which can be read here, "Casino Affiliate has pulled's accreditation after months of attempting to reason with the gambling group regarding its '…failure to reach an amicable resolution involving known content theft and blog spamming being performed by their top affiliates and consultants.'"

In addition, according to the release, placed on its "Rogue" list last week, and iGAMI took similar action.

Now place this in the context of how large Cassava is --- as of mid-2005 they were the third largest of all online-gaming concerns behind Sportingbet PLC and PartyGaming, although this encompasses all online gaming, rather than just poker. In a nutshell, Cassave is (a) huge, and (b) as scummy as they come. In a time when online gaming is under legislative pressure on many fronts, it is my not-humble opinion that online poker players need to do whatever they can to make the Cassavas of the world... go away.

Coincidentally, your blogger's other poker site (it's in that list over on the left, bucko) was approached by one of the very same Pacific "affiliate" contacts for a proposed ad swap just last week. I turned down the offer out of hand. I don't do business with Pacific Poker and I haven't for some time. I don't care how soft the games are; I just refuse to do business with the likes of Cassava.

As always, these opinions are my --- and only my --- responsibility; KAP's boss honchos Jason and Brad are not responsible for the directness of my words. Soapbox tucked away now. 'Night, all.

Sunday, May 07, 2006

Something Old, Something New... the Kick Ass Poker Blog in recent days. Twin posts early in the week returned to the general theme of online-room security. We also touched on one of the best episodes (to date) of NBC's 2006 National Heads Up Poker Championship, and finally, a lengthy look at charity in poker, headlined by the arrival of BenefitPoker, a site dedicated to charity events. Dig in, absorb... and comment, too: we can take it.

A Charitable Thing

Is begging for play chips allowed?
Certainly not. Any player found begging others for play chips or UltimatePoints will have their chat suspended, or may lose playing privileges permanently.
--- from the FAQ for BenefitPoker, a charitable offshoot of the folks at UB.

Poker and charity aren't necessarily two words that go together for a lot of players, early mnetions of Barry Greenstein notwithstanding. So we're going to use this week's space to feature the marked growth in the charity-poker area, headlined by the recent launching of the first website dedicated to charity-tournament purposes, BenefitPoker.

BenefitPoker is part of the Excapsa Poker Network, which counts UltimateBet as its largest entity. A closer look suggests that BenefitPoker really is just UltimateBet in makeup and a new dress, but that's okay --- the purpose served by the new site is well worth duplicating the UB software onto another server, which is what seems to be have been done. UB is keeping its own face at a low profile, too, for which they deserve additional high marks. Especially in this time of legislative unrest --- a topic we'll return to in the very near future --- a site such as BenefitPoker is an idea whose time has definitely come. I'm a realist, after all; I say these things because they are true, not because they're necessarily pleasing to hear.

The tourneys at BenefitPoker run similar to the formats used for other charity tourneys to date --- a portion of the fee goes to the prize fund, and the remainder goes as a direct donation to the charity of choice for that tourney. This is similar to the "semi-postal" stamp that was a staple of European markets for decade, and only caught on here in the States in the last decade or so. The principle is the same: In the case of a first-class semi-postal stamp (such as the "Breast cancer Research" stamp, the first such U.S. issue, pictured below), all revenue collected over the first-class rate is sent on to the charity depicted on the stamp; the stamp itself is still worth whatever the first-class rate was at the time of purchase.

And unlike governments, BenefitPoker doesn't take out any fees, according to its web site. Everything paid in by participants goes either to the prize fund or the selected charity. In a tourney that ran earlier today, for instance, benefitting the American Stroke Association, the $25 dollar entry fee consisted of a $15 donation to the prize pool and a $10 donation to the ASA. Here are the other fine charities who have already benefitted from a BenefitPoker event:

  • Operation OZ Kids USA
  • The Rotary Club of Brampton-Heart Lake
  • Cystic Fibrosis
  • Diabetes Association
  • Junior Achievement
  • The Arthritis Society
  • Halton Woman’s Place
  • Juvenile Diabetes Research Foundation
  • Hunter’s Fund
  • Make-A-Wish Foundation
  • The Minneapolis Foundation

From small starts greater things are built. BenefitPoker even includes a play-game area, again mirroring the UB/Excapsa software and play. This is a great way for a small benefit to experiment to the site to make sure it works "as advertised," and to ensure its suitability for the event. And while the site's other promotional offerings are still thin, it's nice to see the UB stable of stars --- David "Devilfish" Ulliott, James "KrazyKanuck" Worth, Phil Hellmuth, Annie Duke and Antonio Esfandiari --- pitching for the cause, at least for the duration of a photo. (As an aside, I never realized just how... distinctive... UB's "celebrity" lineup was until I saw it here, in a non-UB setting. More fodder for the future-post file.)

As expected, players who already have a UB account will have the easiest time in starting play at Benefit. While a separate download/install of the poker client is still required, the player's original UB player information as the player signs up and begins play within the Benefit system. This may preclude the player from participating in other UB or Excapsa tourneys on the main system at the same time; the BenefitPoker site, as of yet, doesn't address the issue. So while the support site still needs a little more work and a little less copying over of text from UB that can take on another meaning (top), this is still something nice to see.

I hope it does well, and I hope it gains a high enough profile to be of greater good to the larger poker community.

Same general topic, different points. Charity poker tourneys are nothing new; Phil Gordon's "Put a Bad Beat on Cancer" tournament, which also featured NASCAR star Jeff Gordon as a high-profile spokesman, is a prominent example; Barry Greenstein's largess with his tournament winnings, alluded to above, is another outpost on the mountain. These events occur all the time, serve to do wonderful work, and are a welcome addition to the modern poker landscape. BenefitPoker gets the press here because it's a distinctive idea --- having a site dedicated just for this purpose --- but whether it turns into a long-term, high-profile success is anything but sure.

Charity is one of those things that this blogger believes to be a very personal endeavor, and this is why the aforementioned site comes with the recommendation of something you can do, not something you should do. Same thing with poker, actually. I was recently asked to participate in a charity tournament by someone who felt that by playing in a charity-poker event, the player could somehow make his or her playing poker seem more "legitimate" to a relative, a great-aunt or something who believed that poker was a vile, indulgent pastime. (I'm playing loose with the wordage here, too, just to create the example.) But I don't buy the principle --- one should give to charity because one wants to, and one should play poker because one wants to, as well. Trying to justify the playing of poker in this manner is akin to admitting that playing poker is a form of unsavory behavior in the first place.

I'll find a better reason, for poker and for charity. I bring this up here, because it's also relevant to the poker-legislation issues just hinted at up at the top, a topic which we'll have to return to next week. Trying to justify the playing of poker in the example cited above puts the poker player on the defensive, and that's the last thing that needs to be done when dealing with self-righteous folks such as His Virginian Eminence, Bob Goodlatte. (No slap at Virginia, by the way --- the phrase just sounded neat.) I'll be damned if I'm going to grant the moral high ground to Goodlatte and his ilk, particularly when their U.S.-centric crap is the type of nonsense that contributes to America's bad image around the globe. But, lest I wander off into a rantfest, it's time to bid these hole cards adieu.

The Round of 16: The Luckbox Strikes

Have you been watching the televised episodes of the 2006 National Heads Up Poker Championship on NBC? The most recent episode to air covers the Round of 16, and it confirms one of the truisms of tournament poker. Even the greatest players still need to have the proverbial horseshoe firmly in place on occasion --- they'll seldom win tournaments without at least one glorious suckout or other bizarre turn of fortune.

By now everyone knows that Ted Forrest won the thing --- thereby explaining the wave of Forrest-covered magazines now plastered across the land --- but only in today's episode did we see how close Forrest came to not making his way into that high-test final matchup against Chris "Jesus" Ferguson. Remember that Forrest is not only good; he's very, very, very good, probably among the top ten players in the game.

Still, I'd rather be lucky. As Forrest was in this one. And there's not much the cameras can do to edit the facts, though in retrospect the ratings gods were smiling down at Harrah's that day in early March.

The setting for the suckout was Forrest's Round of 16 match against the unknown Ernie Dureck, who'd already went up against Scotty Nguyen and Paul Phillips and survived them both. In this match, Dureck had taken roughly a 3:1 lead, catching aces and getting full action on them from Forrest.

Forrest, already way short, caught a nice enough hand for the spot, something like A-10 off. Dureck, though, found the rockets again, came over the top of Forrest's raise, and was called all-in.

Drumroll for the suckout: Two baby cards on the flop, and runner-runner babies on the turn and river (a five), to complete the wheel, force a chop, and keep Forrest in the match. And on the following hand, they got it all-in again, with Dureck again a favorite, though only 57:43 this second time.

It didn't matter.

Yee gods. Figuring the odds at the time the money went in (pre-flop in both hands), Forrest had less than a 10% chance of squeaking through this two-hand box and continuing on against Dureck. Those aren't impossible numbers, but it's still an important reminder of how fickle Lady Chance can be. I tend to root for the underdog, and here's an instance where a relative unknown (Dureck) did everything right and was simply not rewarded by fate. That's as tough a beat as can be.

An excellent episode, overall. Included are a questionable slow play (as commented on by Gabe Kaplan) by T.J. Cloutier in his match against Daniel Negreanu, and the capturing of some hyper-aggressive --- and largely unsuccessful --- plays by Josh Arieh and Scott Fischman.

Wednesday, May 03, 2006

More Troubles with Security?

Back at the start of April a story broke announcing that Securident, a company specializing in online-security concerns, had uncovered a major security flaw in the software of, part of the Ongame Network. The exposed software flaw allowed a hacker possessing the right information to access (and potentially drain) the accounts of other players. Bill's Blog was one of several poker-news sites to feature the release. It wasn't featured here because it was already in the news at several high-profile sites, and there was no information that your loyal Kick Ass blogger could add to what had already been reported.

The release turned out to be a high-tech shakedown by Securident: the firm apparently does some or much of its business by hacking into other's sites, then selling their services to fix the sites that they themselves have hacked into. Yes, this is the moral equivalent of a legal firm that just goes from one class-action suit to the next, intent on extorting out-of-court settlements from whomever their target du jour happens to be, simply as a cheaper settlement option to the victim than actually going to trial. But that's a vent of a different temperature.

What happened in the instance, according to all accounts, is that told Securident to go whistle --- they'd fix their own ['s] system, and not pay off any sort of high-tech blackmail to the firm that hacked that system in the first place. And so the story should have died.

Except it didn't. It didn't receive as widespread an airing, but a second hacking incident at subsequently occurred. We discovered it over at White Belt Poker, a small British poker blog. On April 14th or 15th, another hacker or hackers attacked the system, and ultimately cracked into and controlled the "chat" part of the system for some four hours. Spams were sent throughout the system, and false messages were propogated under many of the real users' names. And again, it took techs some four hours to regain control over their chat system, though the financial and gaming aspects --- always encoded and encrypted to a much higher degree --- remained secure.

Yet it sent a second tremor through the community, and published an explanation (of sorts) here.

Remember that is one of the online poker rooms experimenting with a non-resident client; the option exists for users to log in and play through an ordinary web browser such as Internet Explorer. (Thank you, but no.) It may be this which opened up the hacking possibilities that Securident first discovered, but regardless, one thing is now clear: Securident identified as a potential target of opportunity for hackers, for which Securident should earn our lasting scorn. It doesn't matter who did the second system hack --- the damage to an online company's integrity was done by another company too greedy in seeking another's business.

In the "sure bet" category --- that feels a bit besieged these days, but at least they're aware of and are working on the problems. I'd look at as an example of why a software installation/download setup from a given online gaming company remains by far the safest choice.

And as for Securident, they removed from their archives the initial news release outlining their "discovery" of the flaw. Oh, yes, they took a bit of heat for that one.

It seems like we've got an early leader in the race for this blog's Theme o' the Week. Then again, it's only Wednesday...

Tuesday, May 02, 2006

The Other Side of the Coin: When Online Poker Security Gets it Wrong

Let's face it. If you're going to play poker online, then you have to have interest in the measures that online sites take to protect the integrity of their games. This blog has touched on a couple of recent big-name scandals in other posts, but this time we head down another path. What happens when a big site that prides itself on its security measures screws up, and wrongly accuses one if its players of cheating?

It's not a made-up question. It happened recently at Poker Stars, one of the sites at the forefront of security-related news. And it calls into question the limits and drawbacks that even the most well-intentioned security systems can have.

The story was... odd. On April 17th, a frequent poster on the 2+2 poker forums, "TeddyFBI," started a small storm with a post entitled, "Stars catches a bot and it' mom." The poster, who also maintains his own poker blog here, told the tale of his 55-year-old mother, who had been thrown off Poker Stars for purportedly running a bot. The poster's mother exhibited behavior perhaps not normally seen --- such as multi-tabling up to six games at the mind-blowing .02 and .05 limits --- and there was once a period of 43 hours where her Stars client was open and running continuously. (I've actually done that one myself --- taking a break from the games, moving to the couch for the respite... and waking up in the morning.)

But in the above case, it turned out that there never was a bot at all. It was just overzealous interpretation of misleading data by one of the security savants at Stars.

It took 72 hours of bad publicity on the 2+2 forums for Stars to get their proverbial shit together and reinvestigate, and in the end they found that their original judgments had been mistaken. The second of the 2+2 threads, detailing the followup, can be found here.

The fact that the big poker sites can and do get it wrong should give us all pause. In a recent piece, webcast host and resumed poker blogger Amy Calistri rails against these sites for playing it so close to to the vest, in not sharing more detail about the measures they use to identify online cheaters. The case above inadvertently proffered one of the "flag" triggers --- having the poker client open and continuously in use for 40-plus hours of play.

Calistri's point is valid; and though it's also easy to understand the sites' desire to keep their cheating countermeasures secret, they're not quite in tune with the real world. Because of this, they come off as being too high-handed and self-righteous in their efforts. Let's create an example to illustrate:

If Stars (or any site) implements Measure XYZ and it's a success, they'll catch a handful of cheaters. But those cheaters don't operate in a vacuum: they'll be out there telling other cheaters their own best guesses at what led to their discovery. Soon, after some short period has elapsed, this fictitious Measure XYZ stops being an effective measure --- its time has come and gone. And at that point, there's no valid reason for a site to not publicly disclose what that measure was, and even such proprietary concerns such as not wanting to let other poker sites in on their secrets doesn't cut it; poker sites need to work in concert, rather than as independent entities, to combat online cheating.

In the above instance, Stars screwed up, though they recognized the error of their ways and made things right. Yet in other ways, they've still got it wrong.