'

Talkback Tuesday: Cheating at UltimateBet

Several commenters asked why the institutionalized cheating at the UltimateBet Poker site is a security story.alleco writes: Where's the computer security bit of the story?

Several commenters asked why the institutionalized cheating at the UltimateBet Poker site is a security story. alleco writes:

Where's the computer security bit of the story?

This is a fair question, and it is my fault for not making the link more explicit. There is an elephant in the room of web-based service delivery, namely that we implicity trust the owners and operators of our websites to not only keep our data secure and not aide our competitors. For example, a web-based CRM solution could have an insider that would share one customer's sales pipeline with a competitor. Players on UltimateBet had to resort to a somewhat sophisticated statistical analysis to detect the cheating. In our example, it would be nearly impossible for the service's customers to detect if their data was leaked by the provider.

I consider institutionalized cheating at an online gambling site to be an excellent model of what could happen at any website that holds valuable data. Let's hope that a mainstream SaaS website does not present a better one.