Suspected cheating on AP - Page 5

Bond18 · #41 09-15-2007, 08:07 PM

My god what a disaster for the industry.

diebitter · #42 09-15-2007, 08:08 PM

The most likely way this is being done, if it's being done, is some guy or group is getting access to the database at the back, and just refreshing the same bit of sql to read the hole cards for a given hand. It's just a username and password, once he's breached the firewall. Developers pass the stuff around all the time within a company.

There's not really a need for a 'backdoor' in the software as such, just a clean path into the database. an insider could do this easily if Absolute are in any way slapdash about security.

Anyone know if they have independent verification of their security?

Edit: Hell, I've been thinking about how I might do this if I were dishonest. I'd put a little web page with its own password protection on the server so it has protection from some lucky passerby finding it, out of the way, which pipes straight into the database. I'd make it pass sql straight through unchecked, and pipe the results to the same page. I could write such a thing in like 30-60 minutes if I was on the inside. Then, any database access is internal between web server and database server, and the little web app by definition bypasses firewalls etc.

This would leave lots of evidence if you knew where to look, but companies wouldn't really be looking.

Take all this as speculation, obviously.

bicyclekick · #43 09-15-2007, 08:08 PM

I think we need the higher ups to be involved. I dunno, I just don't really want to be somehow a deciding factor on any of this long term as it's implications are so vast.

adanthar · #44 09-15-2007, 08:19 PM

[ QUOTE ]
I think we need the higher ups to be involved. I dunno, I just don't really want to be somehow a deciding factor on any of this long term as it's implications are so vast.

[/ QUOTE ]

there are no deciding factors. the info is going to be made public, period. staying quiet about this is simply not an option.

Buzz · #45 09-15-2007, 08:21 PM

Hi diebitter - I'd like your permission to quote the whole of this excellent post of yours on one of my forums where the topic is pertinent to a current thread.

(I'm not quoting you without your permission).

Buzz

bicyclekick · #46 09-15-2007, 08:22 PM

[ QUOTE ]
[ QUOTE ]
I think we need the higher ups to be involved. I dunno, I just don't really want to be somehow a deciding factor on any of this long term as it's implications are so vast.

[/ QUOTE ]

there are no deciding factors. the info is going to be made public, period. staying quiet about this is simply not an option.

[/ QUOTE ]

dont be so closed minded. think full long and hard about all of the implications. (i'm not saying it should be hidden i'm just saying it's not black and white

bicyclekick · #47 09-15-2007, 08:25 PM

also, what's up with the mod over mod stuff...quoting from threads that got moved...i find it inappropriate. This isn't some 6 year old making 15 accounts and spamming, this is real world big deal. Why step on toes so quickly?

El Diablo · #48 09-15-2007, 08:26 PM

db,

Based on my experience with trading platforms and e-commerce applications, even if these guys are pretty incompetent, I doubt a backend database like that would actually be connected to the network. However, the mechanics of how they're compromised are pretty irrelevant anyway. The only important question is whether or not someone actually has a means through which to get realtime access to opponent holecard info. And, as you wrote above, if that's true, it's likely that smarter cheaters have been taking advantage of this already.

diebitter · #49 09-15-2007, 08:26 PM

[ QUOTE ]
Hi diebitter - I'd like your permission to quote the whole of this excellent post of yours on one of my forums where the topic is pertinent to a current thread.

(I'm not quoting you without your permission).

Buzz

[/ QUOTE ]

You may. You may also note the method I speculate on is not tied to any one account like the 'superuser' account would be.

adanthar · #50 09-15-2007, 08:30 PM

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
I think we need the higher ups to be involved. I dunno, I just don't really want to be somehow a deciding factor on any of this long term as it's implications are so vast.

[/ QUOTE ]

there are no deciding factors. the info is going to be made public, period. staying quiet about this is simply not an option.

[/ QUOTE ]

dont be so closed minded. think full long and hard about all of the implications. (i'm not saying it should be hidden i'm just saying it's not black and white

[/ QUOTE ]

believe me, I'm aware of the implications. but again, staying quiet is simply not an option when we are dealing with, literally, a rigged site. even suggesting that is a joke. what's the alternative, hushing up the threads?

as for mod over mod, I'm sorry (really) but we owe everyone an up to date accounting of exactly what people know and what they don't. I got the potripper hand not two minutes after I spread the word to my AIM list, which is just one of many reasons to get this out as fast as possible. we need to know exactly how many people/accounts are affected, preferably before AP issues an "oh, everything is fine now, thx for caring, here's $50" press release.