UB Security Flaw Take

Putting aside the general dislike of Cereus/UB/Absolute that is out there, I think the recent security flaw isn't as major as has been suggested by the various commentators out there.

Yes, using a simple XOR encoding instead of the industry standard SSL encryption is dumb. In fact, it's flat-out inexplicable. That's day 1 in cryptography. They may as well send the data as a text file.

But why it's NOT as major a concern as it's being made out to be is the interception portion of the situation. The vulnerability as it was described can only be exploited with access to the end-user's network.

So to be abused, the following conditions would have to be met:

- You're playing on UB/AP on a wireless network
- Someone knows you're doing this
- This someone is within range of your router
- This someone must access your router, either because its unsecured or by hacking it
- They must run some relatively available and simple code to access your hole cards
- They must ALSO play on UB/AP and sit at your table

This isn't a case of some random insider creating a superuser account against random players. You would have to be targeted. Now, if you broadcast that you play at these sites to unscrupulous people who know where you play from AND have the technical knowledge to pull this off (not complicated for anyone with a computer background, but above the heads of your average Joe), then you could make yourself a target. If you play from public, unsecured wireless networks (ie.- coffee shops, wi-fi hotspots), then you could be in danger. But again, someone would have to know you were playing on these sites AT THAT TIME, and know your online name in order find you.

If you're playing at home, have any level of access control on your router, or are wired-only, then you don't have much to worry about.

That said, I still won't play on these clusterfuck excuses of poker sites.