Latest AP press release

[Dudd]

So there was cheating, but there wasn't a superuser account. I don't know why they even bother to half ass these things, if they're not actually committed to coming clean just pretend like it never happened, no one is impressed with this type of bs and the fish seem like they'll keep playing regardless.

[RagzMaster]

[ QUOTE ]
Isn't AP signalling something with these press releases related to the company's problems not being publiced on AP's web site Press Releases section, as opposed to the company's problems of Mattel that are publiced on Mattel's web site Press Releases section???

Regards ...

[/ QUOTE ]

Less then 1% of Absolute's player base have received any information about this scam directly from AP. And that has been through personal emails. The other 99+ % of the people have no idea they were ripped off, and AP will do whatever it takes to make sure they dont find out. Business will go on as usual, with the same crooks running the show, doing what they do best.

[ikestoys]

[ QUOTE ]
-Sadly, given the evidence of hands, I actually am inclinded to believe that the cheating did only start on Aug 14th

[/ QUOTE ]

Wouldn't this be a good thing? Just wondering...

Overall the statement doesn't seem to have anything new.

[pokergrader]

[ QUOTE ]
I think this part is interesting.

[ QUOTE ]
• “The system breach was the result of a recent internal software release impacting internal reporting. The breach was exploitable only by an authorized AP person that manipulated the internal reporting software, together with the AP gaming software. The security breach was not, therefore, the result of an external action, and no individual outside AP could exploit the breach.

• “There is no evidence of the current or past existence of a “super-user” account. There is no player account in the AP system with the ability to see other players’ hole cards.


[/ QUOTE ]

There was speculation that this exploit was related to the release of the new client. They appear to be confirming this.

They also appear to be defining a super-user account as an account that someone can log into the client software with and see other players' hole cards, and that no such account exists. With that definition, I imagine this is a true statement.

I hope they eventually release more details about exactly how the system was exploited.

From the above it sounds like the new client software began reporting back information (maybe screen grabs?) that could be intercepted by something on the AP network and used to determine the user hole cards.

[/ QUOTE ]

There is no way they would roll out debugging or cheating software into their application when they are a huge company making lots of money. This code was obviously there from the start, and may or may not have been exploited for a long time.

They are just trying to trick people into thinking this issue hasn't been around for a while, and a software upgrade is a nice convenient event.

I'll just give you rule #1 of software development: When your code is making you millions of dollars and is working perfectly, you don't install a backdoor that could potentially [censored] everything up or be traced to win $100,000 one time.

[RagzMaster]

[ QUOTE ]
Just got this:

“As Former Grand Chief Joe Norton, the 100% owner of AP,...

[/ QUOTE ]

You don't even have to get halfway through the first sentence of the statement to realize this release is nothing more then BS, and they are NOT going to be forthcoming and start telling the truth. The thought that they are now an honest company is laughable.

[pr0crast]

[ QUOTE ]
[ QUOTE ]
I think this part is interesting.

[ QUOTE ]
• “The system breach was the result of a recent internal software release impacting internal reporting. The breach was exploitable only by an authorized AP person that manipulated the internal reporting software, together with the AP gaming software. The security breach was not, therefore, the result of an external action, and no individual outside AP could exploit the breach.

• “There is no evidence of the current or past existence of a “super-user” account. There is no player account in the AP system with the ability to see other players’ hole cards.


[/ QUOTE ]

There was speculation that this exploit was related to the release of the new client. They appear to be confirming this.

They also appear to be defining a super-user account as an account that someone can log into the client software with and see other players' hole cards, and that no such account exists. With that definition, I imagine this is a true statement.

I hope they eventually release more details about exactly how the system was exploited.

From the above it sounds like the new client software began reporting back information (maybe screen grabs?) that could be intercepted by something on the AP network and used to determine the user hole cards.

[/ QUOTE ]

There is no way they would roll out debugging or cheating software into their application when they are a huge company making lots of money. This code was obviously there from the start, and may or may not have been exploited for a long time.

They are just trying to trick people into thinking this issue hasn't been around for a while, and a software upgrade is a nice convenient event.

I'll just give you rule #1 of software development: When your code is making you millions of dollars and is working perfectly, you don't install a backdoor that could potentially [censored] everything up or be traced to win $100,000 one time.

[/ QUOTE ]
Scott Tom is obv behind this, and from the pics he looks like a douche, and from others' accounts he seems like a moron, but if he were being blackmailed by someone else his actions would make a whole lot more sense. B/c like everyone says, why would the CEO of a very profitable company do something dumb like this to make a few 100k? If he just pulled 500k out of the company's bank account, people would notice.

[JamesAt15]

[ QUOTE ]
There is no way they would roll out debugging or cheating software into their application when they are a huge company making lots of money. This code was obviously there from the start, and may or may not have been exploited for a long time.

[/ QUOTE ]

Maybe and maybe not. My point is that instead of speculating about what they would or would not have done based on our ideas about what good software development is, those involved should press them for more technical specifics.

Nat seems pretty sharp, so hopefully he has done so already. If not, I hope more details come out in the ongoing audit and investigation.

[Matfrid]

[ QUOTE ]
I think this part is interesting.

[ QUOTE ]
• “The system breach was the result of a recent internal software release impacting internal reporting. The breach was exploitable only by an authorized AP person that manipulated the internal reporting software, together with the AP gaming software. The security breach was not, therefore, the result of an external action, and no individual outside AP could exploit the breach.

• “There is no evidence of the current or past existence of a “super-user” account. There is no player account in the AP system with the ability to see other players’ hole cards.


[/ QUOTE ]

There was speculation that this exploit was related to the release of the new client. They appear to be confirming this.

They also appear to be defining a super-user account as an account that someone can log into the client software with and see other players' hole cards, and that no such account exists. With that definition, I imagine this is a true statement.

I hope they eventually release more details about exactly how the system was exploited.

From the above it sounds like the new client software began reporting back information (maybe screen grabs?) that could be intercepted by something on the AP network and used to determine the user hole cards.

[/ QUOTE ]

I think that is very unlikely. Why would they need to grab information from the clients when they already have all the information? All relevant hand information is somewhere in the system for evaluation of showdowns and for writing hand histories.

It is more likely that their statement refers to how this information was treated internally. I don't know which platform they use, so there is not much to speculate about.

What hit me first was their use of the expression 'internal reporting'. It is not a term that you would find in discussions about secure information handling of web portals, application servers and multi-tiered software. It is probably a mistake, but the term is almost solely used for an internal system för detecting fraud, wrong doings, policy violations and the like. This makes it a very humorous mistake, or - unlikely but intriguing - they actually mean what they say.

[Phildo]

[ QUOTE ]

Scott Tom is obv behind this, and from the pics he looks like a douche, and from others' accounts he seems like a moron, but if he were being blackmailed by someone else his actions would make a whole lot more sense. B/c like everyone says, why would the CEO of a very profitable company do something dumb like this to make a few 100k?

[/ QUOTE ]
cocaine is a hell of a drug

[N 82 50 24]

First part of the PokerNews part of my Costa Rica trip report is here:

http://www.pokernews.com/news/2007/1...rem-Part-1.htm

It's going to be three parts (I think) and I'm also going to do a separate report that I'll probably put on my blog/P5s/2p2/etc.