by bayesianbot on 12/30/23, 7:41 AM with 2 comments
by rokkitmensch on 12/30/23, 8:35 AM
Note that they have not said that they have closed this side channel altogether. This data is still transmitted to the client, and they are inviting further sneakier exploitation by not remediating it.
by bayesianbot on 12/30/23, 7:41 AM
GGPoker is currently the biggest online poker network. In January, someone wrote an article in CardPlayer Lifestyle[0] about how their client is quite badly programmed (with Adobe Air) and sends data as clear text with real name information that shouldn't be shared with everyone. It seems GGPoker didn't really take it that seriously, but at least enabled SSL for their connections.
Lately a bunch of players noticed player named "MoneyTaker69" was playing with extremely loose strategy (which usually would be losing big time), but winning at insane 90 big blinds / 100 hands rate (good players might win from few to maybe 10+ big blinds per 100 hands on average). Lots of hands played were really suspect, and definitely anyone playing hands like that should never be getting so lucky that they'd win during thousands of hands. Also the most winning leaderboard is full of people who won at really, really good rate for ~15 000 hands, and then just disappeared - which would be strange to do for any gambler or even a profitable poker player in a great winning streak.
So this leads to this statement by GGPoker. I linked the archive link as currently the real url is leading me to another page, so it might be removed. GGPoker has a feature that when players are all in, their winning probability gets shown, and apparently also some thumbs up / down button that depends on the odds. It seems like player(s) were running a modified client that could request that information at any time in the hand, even when the hands are not shown yet or the players all in. GGPoker also said they returned $29 000, while "MoneyTaker69" won $48 000 in a single tournament, even without counting any of their cash came winnings.
It isn't the first time this has happened - in 2007 Absolute Poker and UltimateBet were found to have "superusers" that knew cards of the other players[1], that time they were insiders in the companies. They were found out in the same way - crazy hands and massive winrates that didn't make any sense, and an absolutely wild call in a tournament that the superuser "POTRIPPER" went on to win.
I thought this might be interesting for HN - mostly for how the biggest Poker Network has handled their security.
[0] https://cardplayerlifestyle.com/ggnetwork-acknowledges-fixes... [1] https://en.wikipedia.org/wiki/Cereus_Poker_Network#2005%E2%8...