On Thursday, Cake Poker, the flagship site of the Cake Poker Network, mended its security issues by adding SSL encryption to its old client and new beta software. PokerTableRatings.com, which first reported the security vulnerability back on July 26th, has confirmed that it has not been able to crack the new encryption.
Lee Jones, Card Room Manager for Cake Poker, told Poker News Daily on Friday, “Player security is of the utmost importance to us. Our software team has been working overtime to add the SSL layer to our server-client communication and it is now in place on both our regular client and the new Client 2 beta version.” The security issue that plagued the Cake Poker Network was nearly the same as the one that occurred on the CEREUS Network in May. There, UB.com and Absolute Poker were affected.
The Cake Poker Network used a custom-based XOR encryption that PokerTableRatings.com programmers were able to crack. In fact, the site suggested that any person could simply launch their Windows calculator, switch it to Scientific mode, and start decoding the Cake Poker Network’s XOR. Consequently, players who hit the virtual felts on an unsecured wireless network were in danger of having their hole cards and account information compromised.
Text found on PokerTableRatings.com explained, “This encoding leaves players’ accounts as well as hole cards vulnerable to being stolen by any third party who is in between the player and Cake’s servers, as well as anyone who can snoop on their traffic.” On August 4th, Cake Poker rolled out SSL for the old client, but ran into issues on Thursday and removed SSL entirely. PokerTableRatings.com staff speculated, “We believe this is due to serious stability problems they’ve had since implementing SSL support.”
By the end of the day on Thursday, according to Jones, all Cake Poker Network skins and the network’s flagship site had SSL encryption. In response, PokerTableRatings.com admitted, “We have been unable to reproduce any of the vulnerabilities we detected previously.” If players were unsure as to whether they had SSL on their Cake Poker Network clients, they were advised to head to their C Drive, Program Files, and then navigate to the folder containing the name of their skin.
Once there, players were asked to look for the icon labeled ssleay32.dll. If the dll file is not present, then the software has not yet received the update. If it is present, then it is safe to play on the Cake Poker Network.
On TwoPlusTwo, a maelstrom of controversy erupted in a thread entitled “Possibly Superusers on Cake – Lee Jones/Cake Refusing to Respond.” The thread asserted in part, “Cake does not allow datamining [and] does allow name changes, making it pretty much impossible for the community to check for superusers ourselves.”
Meanwhile, traffic on the Cake Poker Network has dipped slightly as a result of the encryption issues. On July 31st and August 1st, peak cash game traffic dove about 15% weekend over weekend according to PokerScout.com. On July 31st, the Cake Poker Network clocked in at 1,060 peak real money players, while on August 1st, that number rose to 1,097. It marked the first time in the last two months that the Network had turned in back-to-back days of peak ring game numbers below 1,100 players.
Besides Cake Poker, other rooms on the USA-friendly Network include DoylesRoom, Intertops, Only Poker, Red Star Poker, and Phil Laak’s Unabomber Poker. Cake Poker allows players to change their user names once every seven days.
