HH Smithy Accuses Full Tilt Poker of Invasive Practices
In a recent blog, HH Smithy, which provides hand histories for online poker players worldwide, has accused Full Tilt Poker of invasive practices by harvesting Windows product keys from unsuspecting customers.
In a four-minute video clip entitled "Full Tilt Poker: In Your Computer, Stealing Your Product Keys," HH Smithy representative Kyle goes into detail about the security measures Full Tilt Poker used in an effort to track down multi-accounters, or players participating at FTP tables using more than one account.
The video shows that Full Tilt's Random Number Generator (RNG) hardware and software solutions were independently audited by a company named Cigital, but adds that the entire source code was never analyzed.
Quoting Cigital in the video, HH Smithy says that the company's disclaimer specifically states that the poker room's RNG was verified to function properly during the time Cigital evaluated its effectiveness, but that there is no way to provide concrete evidence of total randomness. "There's no way to guarantee that FTP used this package in their production code," states HH Smithy representative Kyle in his video.
The most interesting part of the video comes in the final two minutes, when HH Smithy demonstrates the various methods Full Tilt employed to stop multi-accounters from exploiting online poker players. The list of steps taken includes the fact that FTP gathered information from each machine that accessed its servers and checked several common parameters such as hard disk information, CLS IDs in Windows, Machine GUID, the user's IP address and/or Mac address, and the number of processors in the customer's computer.
These security measures are normal and expected according to the blog post by HH Smithy. However, the video clip goes on to state that Full Tilt Poker also confiscated each user's Windows Product Key, which is considered by many to be private property and worth hundreds of dollars. Since Cigital's seal of approval only referred to the site's RNG and not its other practices, HH Smithy claims that Full Tilt was directly responsible and had knowledge of its ability to scoop customers' product keys, which could have been intercepted by hackers or used by low-level FTP employees for other reasons without users' knowledge.
The product key information was hidden in an image file by the Full Tilt software through a process that HH Smithy calls steganography, which was easily discovered by HH Smithy upon routine evaluation. The conclusion of the video is that independent analysis is necessary of Full Tilt's security measures, adding that if low-level FTP customer service representatives could access customers' product keys, then that information could have easily been released at some point and stolen by malicious hackers.
For a full report on HH Smithy's discovery, visit the official blog post, which shows in detail, using technical jargon, how Full Tilt Poker was able to capture customers' Windows Product Keys.
For online poker players who are interested in obtaining as much information on opponents' tendencies as possible in order to make better, more-profitable decisions at the online poker tables, visit HHSmithy.com and order hand histories. There are a number of payment plans available to fit your needs and can assist you in improving your win rate immediately.
BECOME A MEMBER of PokerSoftware.com today. You can chat with us and ask questions to our poker software experts in the forums and get access to
EXCLUSIVE members-only content.
Sign up today!
More articles
Member Comments
A Person's Comment
2011-12-15 19:45:06
A couple things to point out. There is no way to prove that a given bit of software is running on a given piece of hardware. It is literally unprovable. Ask any computer scientist. At a certain point, you have to state some assumptions and accept them. E.g., "assuming the software audited is the software that is running, blah blah blah." You can debate the assumptions, but it's sometimes impractical or impossible to eliminate all the assumptions.
Secondly, the RNG is part of their servers, wherever those are. All this mischief and bad behavior was in the code downloaded to your computer. Totally different things. So the RNG audit really has nothing to do with the stuff they're doing in the poker software. FTP were probalby subject to lots of audits (e.g., ISO 27001 and so on). Each audit has a limited scope and passing it doesn't somehow bless the whole organisation.
Nola Lucier's Comment
2012-07-09 10:46:13
Well equipped blog with lots of online poker related information and updates. I really like your site.. nice work done..
http://www.pokerlivenews.com/