Back in February of 2008, it was discovered that Party Poker, the largest online poker room in the world at that time, had a severe vulnerability issue involving updates of its poker client. Party Poker was informed of the issue, and now, in August, an advisory has finally been released to expose the problem.
The vulnerability was first discovered by Security Objectives, a security consultant and software development company that ensures the proper behavior and integrity of software. According to Security Objectives, Party Poker software updates are taken from a different server on Party Gaming, rather than Party Poker itself. Because of this, it is possible for a malicious user to cloak himself as the Party Gaming server and offer a different file with the expected name, causing users to automatically download and execute the replacement file.
Whether an unexpected file is intended for malicious execution or not, this process is absolutely illegal (can we say ‘hacker’ boys and girls?) and any victim of such activity would feel rightfully and thoroughly violated.
Security Objectives contacted Party Poker to make them aware of the issue in February 2008. The company repeatedly tried to reestablish communications, only to be met with “limited responsiveness” from the online poker room. This went on for a period of several months. By August of 2008, enough was enough. The vulnerability was too great, forcing Security Objectives to go ahead with the release of an advisory.
Within the advisory, Security Objectives offered their best recommendation to avoid becoming a victim of the vulnerability in the poker client: “Do not use the PartyPoker client program.”
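The update flaw described above comes down to a client that trusts a download because it carries the expected file name. The following Python sketch is an added example, not code from the advisory or from Party Poker; it contrasts that name-only trust with a check against a manifest of the expected size and SHA-256 digest. It assumes the manifest reaches the client over an authenticated channel, and the file name and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample data: a manifest the client is assumed to obtain over an
# authenticated channel, and two downloads that share the expected file name.
GENUINE = b"MZ-constructed-genuine-update-v2"
REPLACEMENT = b"MZ-constructed-replacement-file"
MANIFEST = json.dumps({
    "name": "client_update.exe",  # hypothetical file name
    "size": len(GENUINE),
    "sha256": hashlib.sha256(GENUINE).hexdigest(),
})


def name_only_check(expected_name, served_name, body):
    """The flawed model: anything carrying the expected name is accepted."""
    return served_name == expected_name


def verify_update(manifest_json, served_name, body):
    """Return (ok, reason); the caller runs the file only when ok is True."""
    try:
        m = json.loads(manifest_json)
        name, size, digest = m["name"], int(m["size"]), str(m["sha256"]).lower()
    except (ValueError, KeyError, TypeError):
        return False, "malformed manifest"
    if served_name != name:
        return False, "unexpected file name"
    if len(body) != size:
        return False, "size mismatch"
    actual = hashlib.sha256(body).hexdigest()
    # Constant-time comparison of the hex digests, done on bytes.
    if not hmac.compare_digest(actual.encode(), digest.encode()):
        return False, "digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    for label, body in (("genuine", GENUINE), ("replacement", REPLACEMENT)):
        print(label, name_only_check("client_update.exe", "client_update.exe", body),
              verify_update(MANIFEST, "client_update.exe", body))
```

The digest check is only as strong as the channel that delivers the manifest; if the manifest comes from the same unauthenticated server as the file, it adds nothing.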
Online poker rooms have seen a host of vulnerabilities in recent years. Absolute Poker underwent an enormous scandal, and subsequent loss of player trust, when it was discovered that a site owner was actually using a back door program to see all players’ cards.
In 2005, PokerStars discovered Justin Bonomo was using multiple accounts to play in a single tournament.
In early 2008, BetFair Poker found its players – whether knowledgeable of the fact or not – exploiting a logic flaw that caused higher payouts than necessary. If two players with the same amount of chips went all-in and lost at the same time, both would be paid for the same position. Players were quickly jumping from table to table to exploit the software bug over a few hours.
Those players were later told to repay the monies won or face serious legal consequences.