# Re: Have Any Notable Pros Commented on the Absolute Poker Scandal?

phlash74 wrote:

> While I enjoy reading Roy Cooke's articles, it's kind of funny that
> they list his six years as head of security for Planet Poker as his
> expertise, given that Planet Poker's shuffling algorithm was cracked.
> A cheater could find out what the turn and river cards were going to
> be just by seeing their own two cards and the flop, because the number
> of possible shuffles was way too low.

You didn't even need the flop. There was another problem with PRNGs having too small a number of possible shuffles, but it is relatively unclear that this makes a difference in most hold'em games where only the top half of the deck is used.

But the PP problem was that they used the current time as the seed for their PRNG, which was known. Given your hole cards, you could guess a window of values for the seed, and generate all the cases in that window and find the one(s) that represented your hand. The more cards that you see, the higher the probability of success, but it was a pretty high success with just your hole cards.

Now sites use much less predictable sources for the seeds of their PRNGs. Some use client input, some use radioactive decay, and other sources to come up with a seed, and most use the Mersenne Twister to generate the sequence of cards which contains a large enough space to actually deal all cards. Also they use dealing techniques to overcome a slight problem known as bit-bias, where you have mapping problems from binary to another number system such as decimal, or base 13, or base 52. There are lots of ways of skinning the cat with dealing systems.

Some systems shuffle all of the cards and then deal them. Some systems only shuffle the cards as "needed". They all collect all deal data in a file by the end of the turn. Some collect it in a single file, some separate out the user views (to absolutely keep the hand history the same as the user saw it).

Routinely, clients are only sent those cards and states that are relevant to them. Those states use session encryption so that they can avoid being tapped. I have no idea how "secure" these are to knowledgeable outsiders. Presumably you could tell by tapping, if there was too much information being sent.

The Absolute hack used a relatively clever trick: the hidden observer. Observer traffic is going to be relatively unmonitored because they should have no effect on the game. And the traffic is unpredictable, so it shouldn't raise any alarms. But in many cases the observer code is going to have a close attachment to the room being observed.

It is probably quite likely that the Absolute code had two overly powerful, and possibly either forgotten, misunderstood, and/or maliciously utilized features. First was "Invisible" mode. This would be handy for security purposes to view the room/players surreptitiously for various reasons. The second was a view hole cards mode. This would be quite useful for security and testing purposes. BUT EXTREMELY DANGEROUS if this capability leaked to an outside person/observer.

It is quite likely these capabilities/features exist in all online gambling servers. Poker or not. The feature is too useful and too obvious to have not been put in. The question for the user is how often has the feature been used for cheating? We know for sure that it is greater than 0, but it is absolutely not clear how often on any other sites. Poker is especially dangerous, because the money is being stolen from the players and not the house.

Security will always be a problem with any form of online transactions. And any form of gambling. We have seen other security issues with online houses. There has been clever online and offline hacking, and very clever insider computer hacking of slot machines and keno machines. Security is very very difficult. The hackers only have to find one way in. The security people have to stop and discover all ways. Security will ALWAYS be overcome. Always. The question is the response.

People will always want to be reassured everything is hunky dory. This will lead the marketers to always assure the public everything is fine. Sometimes naively lying, sometimes lying for evil reasons.

Money is the other part of the problem and how it is handled. Computers have caused tons of problems in this world, like slots being left in either maintenance or tournament mode, and giving out too much money and major jackpots being denied, even though from the user's standpoint it looks like the gambling chance was being correctly handled.

I gamble in places where I think the risk of loss from gambling and other nefarious activity is low enough that I enjoy the experience. I play poker online knowing what I know, within those guidelines. Cheating has happened in every sport and in every representation from the beginning of time. Security attempts to catch up, as do rules and ethics. I still play.
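
An added example (not code from the post or from any poker site) of the two dealing issues described above: seed space versus the number of possible deals, and bit-bias when mapping random bits onto 52 cards. The 32-bit seed size and all function names are assumptions made for illustration, and the dealer draws from Python's `secrets` CSPRNG rather than the Mersenne Twister the post mentions.

```python
import math
import secrets

DECK = 52

def modulo_bias(bits, n):
    """Ratio of most- to least-likely result when a bits-wide value is reduced mod n."""
    low, extra = divmod(1 << bits, n)
    if low == 0:
        return math.inf          # some results can never occur
    return (low + 1) / low if extra else 1.0

def unbiased_below(n, rand_bits=secrets.randbits):
    """Uniform integer in [0, n): draw just enough bits, reject values >= n."""
    k = (n - 1).bit_length()
    while True:
        v = rand_bits(k)
        if v < n:
            return v

def deal_deck(rand_bits=secrets.randbits):
    """Fisher-Yates shuffle of card indices 0..51 using unbiased draws."""
    deck = list(range(DECK))
    for i in range(DECK - 1, 0, -1):
        j = unbiased_below(i + 1, rand_bits)
        deck[i], deck[j] = deck[j], deck[i]
    return deck

def deal_entropy_bits(dealt=DECK):
    """Bits of seed needed so every ordering of the first `dealt` cards is reachable."""
    return math.log2(math.perm(DECK, dealt))

def reachable_fraction(seed_bits, dealt=DECK):
    """Upper bound on the share of deals a seed of seed_bits can ever produce."""
    return min(1.0, 2 ** seed_bits / math.perm(DECK, dealt))

if __name__ == "__main__":
    print("8-bit value mod 52 bias:", modulo_bias(8, 52))
    print("bits for full deck:", round(deal_entropy_bits(), 1))
    print("bits for 25 dealt cards:", round(deal_entropy_bits(25), 1))
    print("32-bit seed reaches at most", reachable_fraction(32, 25), "of 25-card deals")
    print("deck:", deal_deck())
```

The `dealt=25` case is a ten-handed hold'em hand (20 hole cards plus 5 board cards): even when only the top of the deck is used, the number of distinct deals far exceeds what a 32-bit seed can reach.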
