
As recently as 2010 we were finding major flaws in online poker security. Here are a couple of videos I did of us sniffing hole cards out of the air because sites were lying about their use of SSL. They were using XOR encryption. Insane.

http://www.youtube.com/watch?v=4HBUe8Fb73Q http://www.youtube.com/watch?v=AAQDEXJdbQc



Ouch, I suppose the moral of the story is don't play poker for money using a wireless connection.


The moral of the story is don't play poker for money where you suspect MITM to be in effect, because the connection is not secure.


It wasn't a MITM. Although I've done that too, ARP flood the router and redirect the traffic through myself. Only works on sites where they didn't peer validate the SSL cert.

These were just packet dumps; I wasn't associated with the WAP. It's hard to remember the exact details, but I believe I was dumping the packets and decrypting them with the WEP key, then piping them into a C program which just applied the decryption key to the packets.


Why would they even send that information to the client before it was needed anyway? Keep it on the server and push it when, and only when, the client needs to see it.


It's catching packets heading to other clients to grab the information they don't send to you.

Or it would be if it were put to use for evil.


Yeah, I remember that. :)



