When most people think about computer security, they often assume that if they have antivirus software, they are safe. Now, of course, having antivirus software installed with updated virus signatures is a required first step, but when your computer is used to play a game where hundreds to thousands of dollars are at stake, more protection is needed.
There have been several reported cases where players have been cheated because their opponents could see their hole cards or because of other security exposures. While there are sophisticated attacks (such as the man-in-the-middle SSL misconfiguration vulnerability that affected Ultimate Bet Poker [AP]) that could be used to obtain this information, it is more common for a player to be tricked into installing some form of malicious software on their system.
This is not an attack vector that is unique to the online poker industry. Several high-profile attacks in both the government and private sectors have used this method successfully. The RSA (the company that makes those 2-factor authentication tokens that more sites are making available) security breach is a great example.
In this case, an employee was tricked into opening a document that had malicious code, which installed a backdoor that the attacker then used to gain access to RSA’s internal network and eventually portions of RSA’s security algorithm. Now, if an organization whose primary mission is information security can be exploited in this manner, it is likely that the vast majority of the online poker population could also be successfully targeted.
As discussed, while there are several different attack vectors that could be used to gain unauthorized access to a player’s system, two of the most common are old-fashioned social engineering and phishing attacks.
Social engineering is the process of deceiving people into giving away access or confidential information. This topic will not be discussed in this article; rather, we will focus on defenses against client-side attacks such as phishing. There are two primary categories of phishing: general and spear.
- Phishing – E-mails that typically contain a link to a counterfeit Web site designed to look like an authentic login page. The site actually captures personal data for cyber criminals, who will use the data to commit financial fraud.
- Spear Phishing – Targets are identified in advance and the e-mails that attempt to trick them into handing over personal data can be highly specific. They might claim to come from a friend or colleague, or seek to exploit the target’s known interests.
Of the two, spear phishing attacks are much more dangerous. I can imagine several scenarios that could be used against well-known and successful players in order to launch a successful attack.
There are several obvious defenses that players can use to better protect themselves from these types of attacks. Passwords are the first that come to mind—there is no need for a complex attack if your password is “poker.” This advice goes for all accounts, not just your poker accounts. E-mail accounts in particular must have strong passwords—just ask Daniel Negreanu. A separate poker-specific e-mail address is also a good idea.
I believe that the most important protection mechanism you can use is a dedicated system on which you only play online poker.
It is best to have separate passwords for all accounts and ensure that they are complex (I recommend at least 14 alphanumeric characters including special characters). If the option is available to use some sort of multi-factor authentication token, take advantage of it.
Another step is to keep your system up to date with all security patches, not just operating system patches but also updates for third-party software such as Adobe's products and Java. Attackers’ phishing exercises are usually successful because their victims are running outdated software, which makes their computers easier to exploit.
Latest posts by Alexis Roberts (see all)