The only way I ever will buy and read Mason’s book is if this entire thing turns out to be an elaborate hoax he has orchestrated to promote it.
2 Likes
GGPoker recently spotted unusual game patterns and abnormal game client packets from a user nicknamed ‘Moneytaker69’. Our technical security team investigated the issue, identified a client-side vulnerability, and fixed what caused these unusual circumstances. We have banned the user and confiscated the unfair winnings, equating to $29,795. Below are the details of how this player exploited the system and gained an unfair advantage:
Under a specific set of circumstances related to the ‘Thumbs Up/Down Table Reaction’ feature, which involves decompilation of our Windows game client, interception of network traffic, and alterations of our game packets, Moneytaker69 was able to customize his own game client. These customizations could only be made to our Windows desktop game client since part of our desktop client leverages the Adobe Air framework, which has attack vectors that other frameworks do not. At no point was the user able to access our servers or server data, including others’ hole cards. Through this customized game client, he was able to deduce all-in equity by exploiting a client-side data leak vector. Our engineers detected this vulnerability and issued an emergency update on December 16th to disable the Thumbs up/down table reactions. However, the user was already in possession of the customized game client, which he blocked from receiving further updates, and was able to continue to accumulate the data leak during the flop and turn. Through this accumulated data, he could guess his win probability with reasonable assurance.
We have since issued security patches to prevent further client-side data leaks of this kind and have added solutions that will detect and prevent players from customizing the game client to their benefit. We will refund $29,795 to the affected players and also reconcile the payout for the impacted tournaments in the next 24 hours.
We sincerely apologize for the incident, which has caused many poker players to worry about the game’s integrity and shaken their trust in GGPoker to provide the best poker experience. We take this incident very seriously and continue to work hard not to disappoint poker players. Additionally, we are actively recruiting to double the size of our technical security team and are enlisting help from renowned security professionals to ensure that online poker is safer than ever.
We would also like to thank the poker community. This incident further proves the power of our community and the poker players’ hive minds, as constructive community feedback gave us great confidence in resolving the issue. We will continue to take community feedback seriously and open our ears to all comments and suggestions. Let’s build a safe future together.
1 Like
Can someone explain what non-public information he was accessing if it wasn’t hole cards?
All-in equity.
It seems like GGPoker calculates that and sends it out on every street, and just doesn’t “reveal” it until you get all in
Ohhhhh, I see. So when they say “he was able to deduce all-in equity by exploiting a client-side data leak vector” and “he could guess his win probability with reasonable assurance” they’re not exactly putting a fine point on it.
I never get why people get greedy like this. He could have minted indefinitely by staying under the radar and winning at just a reasonable clip.
I guess maybe he was concerned others would find exploit and so had to act fast, but assuming it’s not a new issue, no reason to believe that.
3 Likes
I don’t think a sophisticated actor is doing minbet/call strats to taunt people.
I’d guess it’s a fish who ran the client sandboxed, and somehow was making it display the equity percentages. The sandbox could prevent fixes (possibly this is just a happy accident for the fish) and they just rolled through life with the ‘hack’.
No sophisticated actor is gonna take a 53/47 aipf with 84 vs 65. Only someone who is sorta dumb and just clicking buttons.
Two fundamental rules for programming an online poker site:
- Don’t create a superuser ability, or it will be abused someday.
- Don’t send any information to the client that the player shouldn’t see.
So dumb.
It’s not even a little bit surprising that Mason would have gotten provision like that written into the purchase contract.
Who is limon? Just a regular mod who could be de-modded or does he have Mason-level invincibility?
He seems to have free reign to post whatever he likes without the mods taking any action.
Limon is an LA-based poker personality who did Live at the Bike and PokerSesh.
So the fame is why they do this:
Man he’s insufferable. Usually I’m pretty mute on that site, but I couldn’t help but chime in. What a douchebag.
Edit: lol… and my comments are deleted. To be fair I think his whole derail is gone.
Mason’s poker posts are as bad as his takes on politics.
1 Like
Could someone hack into a poker platform and create from scratch superuser abilities for themselves?
If you could get all server side data, sure.
It would be a lot harder if a superuser wasn’t already programmed into the system.
The hacker would have to not just hack into the system, but write all new source code that runs side by side with the real code. Assuming it was programmed right so that data to each client is encrypted from the moment it leaves the CPU, there would be no network connection on which the hacker could sniff the data. They’d have to insert extra code w/o being detected or breaking the app (I think, maybe there are other ways).
He was/is also a golf hustler