The following article is in English and comes from PokerTableRatings.
It explains the flaws and the precautions to take.
Nothing described below is my own work; it serves only to bring it to the attention of all the users of this forum.
"This article serves as a companion article to the security advisory PTR has released which is viewable at: Cake Poker Uses Weak Encryption. It is intended to explain the severity and implications of this security risk to the broader non-technical poker playing audience.
Overview
PTR Security has uncovered a serious vulnerability in the network encoding used for the Cake network. This encoding leaves players' accounts as well as hole cards vulnerable to being stolen by any third party who is in between the player and Cake's servers, as well as anyone who can snoop on their traffic. This means that players on wireless networks (especially unsecured ones) are at particular risk.
This security vulnerability is almost the same as the previous vulnerability we uncovered at the Cereus poker network, which has now been resolved, but there are a few significant differences which will be discussed in the "Special Notes" section.
We believe this vulnerability applies to every Cake network skin (our testing was limited to Cake poker and Doyle's room). We also were able to verify that this vulnerability applies to both the current Cake client and their new Beta client v2.0.
If you are going to skip the majority of this article please at least take a moment to read the sections "Risk Levels for Players" and "Suggestions for Players." These sections are minimum reading for anyone who plays on the Cake poker network.
Explanation
This section is the same as our previous security bulletin for the Cereus Poker Network, so you may skip this portion if you're already familiar with the Cereus network's (now fixed) encryption vulnerability.
When logging into a poker client on your PC what is actually happening behind the scenes is a connection is established to the servers owned and operated by the poker network. This connection is used to transmit all data between your PC and the servers, including sending your username and password, betting actions, and your hole cards.
This can be thought of as a conversation between your computer and the poker network, which might go something like:
PC: I'd like to play poker my username is bob and my password is 123456
Server: You are logged in
Or:
Server: A new hand has started at your Table 1
PC: Ok
Server: Your hole cards for Table 1 are Ac Jh
PC: Ok
On all poker networks this data is encrypted in a manner that would prevent any intercepted data from being used to gain access to your account, or steal your hole cards. This means essentially that the conversation is obscured to prevent eavesdropping, so that someone listening in cannot "hear" your password.
Almost every poker network uses some implementation of the SSL protocol, which is the same type of security mechanism that everyone from banks to government agencies use to secure their data. There are several freely available implementations of this protocol including the open source OpenSSL. SSL is the industry standard, and is generally regarded as best practice for encrypting network transmissions.
The problem is that the Cake Poker network does not use SSL to encrypt their communications; they use a custom form of encryption which is XOR-based. This form of encryption is known to be extremely weak, and in fact their particular implementation makes it particularly simple to decrypt network data due to an easily discoverable key.
In fact, the encryption that the Cake Network employs isn't so much encryption as it is encoding. To see how simple it is to decode this data, simply open up your Windows calculator and set it on scientific mode. All that is really necessary to decode the data stream is the XOR button.
The requirement for this vulnerability to be exploited is network access. This means that if you are playing on an open wireless network, a cracked wireless network (something which is increasingly simple to do), or on a physical network which has been compromised – an attacker could dump the network traffic and exploit this vulnerability maliciously.
Implications
Stealing hole cards is very possible with this exploit; however, the larger concern is that of stolen bankrolls. In theory an attacker could identify a potential victim and park a car down the street, and if the victim plays on a wireless network, sniff their login information and then go home and dump the money off to other accounts. This is very unlikely to ever have happened, but it is possible.
A large misconception with the Cereus network vulnerability was that only players on a wireless network that was unencrypted were at risk. We saw many inaccurate security reports circulated which downplayed the severity of the issue. So this time we'd like to make it very clear that no matter what kind of network you play on, you are at risk on the Cake network. Any attacker that can position themselves between your computer (or listen to it, such as with a wireless network) and the Cake servers in Curacao can theoretically steal your login information or hole cards.
The reason wireless networks are specifically targeted is that rather than having to insert yourself between the victim and the Cake servers, you can observe the data without any physical access.
Besides the technical implications there are many other industry implications that continue to be raised by these sorts of revelations. How can yet another poker network get licensed and audited, but nobody along the way notice that they aren't employing even the most basic security mechanisms? Is anyone actually watching out for us?
Testing
In our lab, using a dummy cracked wireless network, we've been able to steal usernames and passwords from multiple Cake network skins (to our knowledge this vulnerability applies to all Cake skins). The username and password were made visible to us as the player clicked the login button, or as the "auto-login" occurred. This exploit is more serious than the Cereus network's, in which we were only able to get an MD5 hashed version of the password, which then required a more sophisticated "injection" mechanism to hijack the account. In this exploit, we simply get the plain text username and password.
We've also successfully stolen hole cards as they were dealt, as shown in the demonstration video. This is basically the same exploit as the Cereus network.
All of our tests were done in a lab environment, using cheap commercial grade laptops. The source for all of the testing totals less than 500 lines. The wireless network cracking and snooping was done using freely available open source software.
Risk Levels for Players
The below chart attempts to quantify the level of risk a player has of being victimized in each type of networking scenario.
| Network Type | Risk Level |
|---|---|
| Public Unsecured Wireless | Severe |
| Public Secured Wireless | Moderate-High |
| Public Wired | Moderate |
| Home Unsecured Wireless | Moderate |
| Home Secured Wireless | Moderate-Low |
| Home Wired | Low |
Examples:
- Unknown wireless network in college dorm called "Linksys": Public Unsecured Wireless, Severe Risk
- Starbucks or airport wireless, requiring login: Public Secured Wireless, Moderate-High Risk
- School computer lab, plugged in: Public Wired, Moderate Risk
- Home wireless network called "Linksys" or "netgear" not requiring key or using WEP key (10, 26, or 58 digit hexadecimal number sometimes generated from a user passphrase): Home Unsecured Wireless, Moderate Risk
- Home wireless network requiring WPA2 key: Home Secured Wireless, Moderate-Low Risk
- Home wired network: Home Wired, Low Risk
It is worth mentioning here that a player who can be specifically targeted is at an unquantifiable but elevated level of risk.
Suggestions for Players
As suggested previously, there is no way to be 100% secure at the moment while playing on Cake poker. It is not possible to know that you're safe, even when plugged directly into your router.
The only guarantee of safety is to change your password, and stop playing on the Cake network until these issues have been fully resolved and verified by us. Until Cake has switched to OpenSSL, or the TwoFish encryption their webpage says they use, there is no way to be sure you are secured.
If you must continue to play in the meantime you should plug directly into your router or cable modem. If this is not an option you should make absolutely sure your wireless network is encrypted using WPA2 encryption.
Do NOT play on any unknown or public networks, especially wireless networks. Also it may be wise to keep the fact that you play on the Cake network to yourself so as to avoid making yourself a target.
Suggestions for Cake Network
As we recommended to the Cereus poker network when their similar vulnerabilities were discovered, you must upgrade your network communications to use the industry standard OpenSSL library. It is freely available at http://www.openssl.org. When implementing the SSL changes you should be sure to validate your peer certificate so as to prevent an SSL man-in-the-middle attack. Failing that, you could implement the TwoFish algorithm mentioned on your website but this would be harder and more prone to vulnerabilities as custom implementations always are.
Also, please immediately remove the incorrect security material concerning hackers from your website.
We, as always, offer our expertise in auditing security and verifying the fix once implemented.
Special Notes
In the introduction to this article mention was made of the fact that this vulnerability is similar to the Cereus poker network's vulnerability, but that there were significant differences. In the following sections we will review these differences.
Technical Differences
Practically, the major difference is that you can retrieve the plain text password from the network data stream. This is much easier to make use of since there is no "injection" of a stolen password hash that needs to occur to hijack the account like there was on Cereus. Simply take the stolen username and password and login at your convenience.
Technically there are a few differences. Cereus used a single hard coded encryption key which we were able to discover via a blunder in their algorithm. Cake at least uses an encryption key that changes all the time: it arrives at startup and then is mutated as the key is applied to packets.
The other technical difference is the way the key is discovered in the vulnerability. There are actually two ways to receive the key. The first, and hardest way, is to listen for when the key is sent in plain text over the network stream and then mutate the key after each decryption as Cake does. This requires that you have a complete network dump including the initial connection to the Cake servers. Basically you have to be "listening" from the very beginning.
The second and much simpler way to receive the key is to just brute force it. That's right; you can literally guess the key. It only takes a few milliseconds and is far more practical than the previous method. All of our testing was done using this second method, brute forcing the key.
Differences of Principle
The final differences are of an entirely non technical nature. In the case of the Cereus network's vulnerability it seemed that the problem was mostly due to ignorance, there was no intentional misleading of the public – indeed it is most likely that, as they claim, they were entirely unaware of the issue.
However, Cake has this paragraph posted on several of the skins' websites concerning security from hackers:
All communications between the client program running on your computer and the Cake Poker server in Curacao are encrypted using the accepted industry standard 256-bit TwoFish encryption algorithm. The unique cards dealt to each player are delivered exclusively to that particular player's computer thus maintaining privacy and integrity of play. Packet-sniffing by other players cannot be used to gain any advantage. Each player's cards are sent exclusively to that particular player's computer. None of the other computers know what your hidden cards are, thus preventing an opponent from hacking their client software to determine your cards.
This paragraph contains inaccuracies and two blatant deceptions. A nit-picky type inaccuracy: TwoFish is in no way the accepted industry standard. The accepted standard is clearly and overwhelmingly SSL, specifically OpenSSL. Every major network uses some implementation of SSL, it is in fact the only accepted standard. Also, clearly packet-sniffing can be used for significant advantage.
Now as far as the deceptions:
* Cake does NOT use a TwoFish encryption algorithm. The TwoFish algorithm, although non-standard, is basically "secure." It is a symmetric cipher, which makes it fundamentally much more secure than the XOR encoding scheme that Cake uses. It cannot be brute forced in any sort of practical manner.
* Cake does NOT use a 256-bit algorithm. Their seed is sent in plain text and is a single 32 bit value.
It is also worthwhile to note that since they have created a beta client which, as far as we can tell, is written in an entirely new language in a ground-up manner they must be aware of the encoding mechanism in place. They had to have copied it from the old client, understood it, and then translated it into the new client. This implies that the deceit is not one of ignorance, at least at the programmer level. Likely the higher-ups are in fact naive of the issue, but someone, somewhere, was aware of this.
Synopsis
In summary, there is a critical network vulnerability in the Cake poker network's software which makes it possible to steal account information including usernames and passwords, and view hole cards. There is no 100% protection until the Cake poker network upgrades to OpenSSL. Cake has an erroneous security notice on their website which claims to implement a type of encryption that they do not have.
As before, we have no way of knowing if this vulnerability has been used to exploit actual players. PokerTableRatings.com created test accounts for all of our testing during our research phase. We do not have passwords to any unauthorized user accounts. Cake has been notified of the issue and we will continue to report as the situation develops."

doesn't always WIN - "i run so bad at poker, i have to buy new shoes" - MaxD1000
2010-07-28 10:40
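The article says Cake's "encryption" is XOR against a key that can be read off the wire or guessed, and that XORing with the Windows calculator is enough to decode it. The toy below is an added illustration of the underlying principle, not PTR's test code and not Cake's real protocol (the article does not publish the key schedule, and the per-packet mutation it mentions is deliberately left out). It builds a repeating-key XOR "cipher" with a 32-bit key, then shows the property that makes such a scheme encoding rather than encryption: whoever knows (or can guess) a few bytes of plaintext, such as a fixed message header, gets the key back by a single XOR and can read everything else. The message format and the `LOGI` header are constructed for the example.

```python
"""Why repeating-key XOR is encoding, not encryption (constructed toy example)."""
import os

KEY_BITS = 32  # the article says Cake's seed is a single 32-bit value sent in plain text


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Apply a repeating XOR key. The same call both 'encrypts' and 'decrypts'."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext: bytes, known_plaintext: bytes, key_len: int) -> bytes:
    """Known-plaintext recovery: c_i XOR p_i == k_i, so key_len bytes of
    predictable plaintext (a protocol header, a fixed field) reveal the whole key.
    A real cipher does not have this property; XOR does, by construction."""
    if len(ciphertext) < key_len or len(known_plaintext) < key_len:
        raise ValueError("need at least key_len bytes of ciphertext and known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_plaintext[:key_len]))


def demo() -> tuple[bool, bool]:
    """Encode a constructed login message with a random 32-bit key, then recover
    the key from the 4-byte header alone and decode the rest of the message.
    Returns (key_recovered, message_decoded)."""
    key = os.urandom(KEY_BITS // 8)
    # Constructed sample message; the fixed 'LOGI' header stands in for any
    # predictable protocol bytes an observer could expect to see.
    message = b"LOGIN user=bob pass=123456"
    wire = xor_stream(message, key)
    guessed_key = recover_key(wire, b"LOGI", KEY_BITS // 8)
    return guessed_key == key, xor_stream(wire, guessed_key) == message


if __name__ == "__main__":
    print(demo())  # expect (True, True)
    # Even with no known plaintext, 2**32 candidate keys is a search a laptop
    # finishes quickly; this is what the article means by "brute forcing the key".
    print(f"candidate keys for a {KEY_BITS}-bit key: {2 ** KEY_BITS}")
```

The decisive point for a defender is that XOR leaks the key under known plaintext and has a key space small enough to enumerate; neither observation depends on Cake's specifics, which is why the fix is to stop using a home-grown scheme rather than to tweak it.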
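The article's remedy is an SSL/TLS transport that validates the peer certificate, so that a man-in-the-middle cannot simply present their own certificate. As an added example (not PTR's or Cake's code), the snippet below uses Python's standard `ssl` module to show the weak client configuration next to the hardened one. The host name and port are placeholders; the only real-library calls are `ssl.SSLContext`, `ssl.create_default_context`, `socket.create_connection` and `SSLContext.wrap_socket`.

```python
"""Weak versus hardened TLS client context (added example, standard library only)."""
import socket
import ssl


def insecure_context() -> ssl.SSLContext:
    """The pattern to avoid: traffic is encrypted, but the server is not
    authenticated, so any on-path host can terminate the connection with
    a certificate of its own. check_hostname must be disabled before
    verify_mode can be set to CERT_NONE."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Default context: loads the system CA store, requires a chain to a trusted
    root (CERT_REQUIRED) and checks the certificate's name against the host."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions
    return ctx


def validates_peer(ctx: ssl.SSLContext) -> bool:
    """Sanity check a client context actually authenticates the server."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def open_verified_connection(host: str, port: int, ctx: ssl.SSLContext):
    """Connect and hand the socket to TLS. server_hostname is what enables
    SNI and host-name matching; omitting it silently weakens the check."""
    if not validates_peer(ctx):
        raise ValueError("refusing to connect with a context that does not verify the peer")
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    # Placeholder endpoint; not a real poker server. Connecting is left to the reader.
    ctx = hardened_context()
    print("hardened context validates peer:", validates_peer(ctx))
    print("insecure context validates peer:", validates_peer(insecure_context()))
```

Two things to keep from this: the server must be authenticated, not just encrypted to, and the check belongs in code that refuses to connect otherwise, rather than in a comment.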
In short...
http://cur10s0.blogspot.com/
Whoever does not understand a glance will not understand a good explanation either!
2010-07-28 11:56
Hello
Basically Cake's problem is the same as with any other wireless network with WEP protection: we are exposed to being snooped on.
On a WEP wireless network, if we use http we allow our traffic to be viewed; with https we are protected by SSL.
The care to take with Cake is the same as with using WEP wireless networks in general.
However, I think Cake should protect its users better, since we may be talking about large amounts of money, and having access to the login is enough to take the funds.
2010-07-28 20:30
Ozzoy wrote:
Hello
Basically Cake's problem is the same as with any other wireless network with WEP protection: we are exposed to being snooped on.
On a WEP wireless network, if we use http we allow our traffic to be viewed; with https we are protected by SSL.
The care to take with Cake is the same as with using WEP wireless networks in general.
However, I think Cake should protect its users better, since we may be talking about large amounts of money, and having access to the login is enough to take the funds.
Things aren't as simple as you're putting them, comparing an encryption scheme to a poker room...
Could I live without bad beats? I could, but it wouldn't be the same thing!
2010-07-29 20:54
But everyone knows that WEP wireless networks are so easy to crack that the best thing really is to use WPA. A laptop and some knowledge, or a few simple Google searches, are enough to learn how to access a wireless network with that kind of protection.


2010-07-29 23:10
I always find this story about how easy it is to crack a wireless network (whatever the encryption) amusing.
People usually forget that to access that network you need to be near it, whereas on a wired network you can be on the other side of the world to access it!
It is true that wireless network encryption is more fragile than wired network encryption, BUT (and it really is a big but) for wireless we have to be near them to decrypt them, and "near" often doesn't extend beyond the limits of a home.
According to Holdem Manager, I lose 86% of races. :|
Solution: I'll stop using Holdem Manager...
2010-07-30 11:59
BlocoDaBarra said:
Things aren't as simple as you're putting them, comparing an encryption scheme to a poker room...
Hello
It's not a comparison. If we leave the wireless question aside, any poker room encrypts data for our protection, from the moment we enter our user and password through to the very hands we play; otherwise we could see everyone's hands at the table.
I even remember PokerStars selling their Supernova+ players equipment to increase security (token cards). And apparently Cake's encryption is weak and easy to exploit. Wireless only makes access to your traffic easier, allowing someone to know which hand you're playing. If I'm exploiting this and playing against you, I know what hand you have. But even in wireless there are several wireless protocols: WEP is insecure, but only those who want to use it do; WPA and WPA2 are secure. Using either of the latter, we're fine. WPA2 encrypts our traffic that goes over the air, which includes the poker room's traffic, which also goes encrypted.
I agree with what Hugo says, but there are many people who put effort into trying to snoop on our wireless networks.
Well, in my opinion, if we use WPA2 at home and even on public hotspots, it's not worth losing sleep over this.
This post is already getting long, but since this is my professional area I thought I should give my ideas.
Bye
2010-07-30 22:59
If it's that easy I challenge you to prove it; I happen not to be a layman on the subject, and I'd like to see you do it.
Could I live without bad beats? I could, but it wouldn't be the same thing!
2010-07-31 01:31
Hello
Getting into a WEP network with 64-bit encryption is easy; anyone can do it.
http://www.youtube.com/watch?v=kDD9PjiQ2_U
http://www.youtube.com/watch?v=oHq-cKoYcr8
As for Cake, you would need to know how the pseudo-cipher they use works, and write a program identical to the one used in the video. Apparently it's not quite a cipher but a substitution key, like A=1 B=2 etc. A key I don't know, but anyone who manages to obtain it and has programming skills can reverse it. Skills I don't have.
I still say it's not worth losing sleep over this; this subject is worth more for the academic discussion itself.
Bye
2010-07-31 10:37
Come on, not academic discussion, only poker
Could I live without bad beats? I could, but it wouldn't be the same thing!
2010-07-31 17:19
I've been following the developments of this situation on 2+2, because Lee Jones (the room's manager) has been answering some questions there.
I really liked this image they posted there


doesn't always WIN - "i run so bad at poker, i have to buy new shoes" - MaxD1000
2010-08-03 10:54
© 2003-2012 PokerNews.com All rights reserved