Getting F***** On the River

Presented at DEF CON 19 (2011), Aug. 6, 2011, 4 p.m. (50 minutes)

Online poker is a multi-million-dollar industry that is rapidly growing, but is not highly regulated. There have been "hacks" recently (i.e. weak SSL implementation, superuser account) that have drawn more attention to security in the poker industry, especially as it moves to full regulation in the United States. This talk will cover the technical architecture of online poker, existing security controls, examples of past vulnerabilities, new weaknesses we have discovered in the poker clients and surrounding infrastructure, and next steps of research we are performing in this area.


Presenters:

  • Mike Wright - Senior Security Engineer - SeNet International
    Mike Wright is a senior security engineer who specializes in penetration testing, web application assessments, and breaking stuff. For the past three years, Mike has assisted in enterprise-wide vulnerability assessments as well as C&A engagements for several of SeNet's clients.
  • Gus Fritschie - Director, Security Engineering - SeNet International
    Mr. Fritschie has been involved in the field of information security for over ten years. He began his career in information technology (IT) as a system administrator for a growing financial company. It was there that he gained a fundamental understanding of all aspects of IT, including network security. Mr. Fritschie then joined the information security consulting practices of KPMG, Deloitte and Touche, leading and performing numerous vulnerability assessments and penetration tests in support of financial audits, GISRA (now FISMA), and other compliance-related efforts. Clients included Fortune 500 companies, civilian agencies, and DOD. Since joining SeNet as the Director of Engineering and Security Assessments, Gus has led several large-scale projects. Some of these projects included enterprise-wide vulnerability assessments for multiple government and commercial clients, management of the Certification and Accreditation efforts, and web application penetration tests. He is also an avid poker player, having logged close to a million hands online.
