We are dedicated to stressing the limits of your product by conducting innovative security assessments.
GamblingSecurity's disclosure policy was put together by the security community and has been adopted by our company since 2002.
DATE OF CONTACT: 09 October 2002
UPDATE: 16 October 2002
GamblingSecurity has not been provided with assurances that the notification was received.
CURSORY SECURITY SOFTWARE ADVISORY FOR RANDOM LOGIC LTD
Abstract
A quick, high-level security review has been conducted on Random Logic gaming software. Due to DMCA restrictions, no reverse-engineering whatsoever has been performed. This limits the extent of the findings; more weaknesses could have been found otherwise.
Summary
Vulnerability #1 - Cleartext Communications
Cleartext communications facilitate the analysis and understanding of the protocol used by the application. They also leave the network communications vulnerable to eavesdropping.
For instance, the registration process and the login process when requesting a deposit both perform cleartext authentication, thus leaving the user's password vulnerable. The user is also misled into thinking the software is establishing a secure communication when making a deposit/withdrawal transaction:
"Establishing a secure communication with the InterSafe Global Server"
Vulnerability #2 - Flawed Authentication Process
It is possible to bypass the authentication process and thus log in as any user without ever knowing their password. The "redirect message" (41327) in the authentication process is responsible for this vulnerability.
Vulnerability #3 - Impersonating the authentication server
It is possible to impersonate the authentication server in order to steal the user's credentials, and possibly decrypt the user's password. In this case, it would have been useful to reverse-engineer the application to determine how the password is manipulated (hashed or encrypted).
Vulnerability #4 - Replay Attack
It is possible, either after eavesdropping on the network communication or after impersonating the authentication server, to use the user's credentials to impersonate the user without ever knowing his password.
This attack extends to any encrypted data. For instance, a malicious user could use someone else's credit card without ever knowing the actual number. Although it could be tracked down to the fraudster's account, it affects the casino's and the regulator's credibility.
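Added illustration (not part of the original advisory and not Random Logic's protocol, which was not analyzed): why a captured static credential can be replayed even when it is hashed, and how a single-use server nonce makes the captured value worthless. The user ID, password and function names are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed demo account; not taken from the advisory or the vendor's software.
USERS = {"1001": b"correct horse"}


def static_token(password: bytes) -> bytes:
    """Weak scheme: the same bytes are sent on every login."""
    return hashlib.sha256(password).digest()


def verify_static(user_id: str, token: bytes) -> bool:
    # The hash is a password equivalent: whoever captured it once can log in.
    pw = USERS.get(user_id)
    return pw is not None and hmac.compare_digest(static_token(pw), token)


def client_response(password: bytes, nonce: bytes) -> bytes:
    """Hardened scheme, client side: bind the server's nonce into the proof."""
    return hmac.new(password, nonce, hashlib.sha256).digest()


class ChallengeServer:
    """Hardened scheme, server side: every login needs a fresh, single-use nonce."""

    def __init__(self):
        self._pending = {}  # user_id -> outstanding nonce

    def challenge(self, user_id: str) -> bytes:
        self._pending[user_id] = secrets.token_bytes(16)
        return self._pending[user_id]

    def verify(self, user_id: str, response: bytes) -> bool:
        nonce = self._pending.pop(user_id, None)  # consumed even on failure
        if nonce is None or user_id not in USERS:
            return False
        return hmac.compare_digest(client_response(USERS[user_id], nonce), response)


def demo() -> dict:
    captured_static = static_token(USERS["1001"])        # observed once on the wire
    server = ChallengeServer()
    captured_resp = client_response(USERS["1001"], server.challenge("1001"))
    first = server.verify("1001", captured_resp)         # legitimate login
    server.challenge("1001")                             # later session, new nonce
    return {
        "static_replay_accepted": verify_static("1001", captured_static),
        "first_login_accepted": first,
        "nonce_replay_accepted": server.verify("1001", captured_resp),
    }
```

Freshness alone does not address Vulnerabilities #1 and #3: the exchange still has to run over an encrypted channel in which the client authenticates the server.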
Vulnerability #5 - Sequential Creation of User ID
It is possible to determine the user id of other users as it is a sequential number.
All logos and trademarks in this site are property of their respective owner. All the rest are © Copyright GamblingSecurity 2002.