pokerfied.com
Promoting poker discussions.

Main
Date: 10 Jan 2009 22:52:02
From: Patti Beadles
Subject: Full Tilt Poker Data Leak
Shortly after Full Tilt Poker launched, I signed up for an account
with them. For reasons that aren't relevant to this, I asked them to
close my account a few hours later and haven't done business with
them since. As I do when dealing with any business, I gave them a
unique email address at my domain. That address has only been given
to Full Tilt.

This morning I received spam from an affiliate of a company called
JBET Poker. I've never heard of them, but my mail filters filed the
mail as something other than spam so I investigated further. The
spam was sent to an address that I gave only to Full Tilt Poker.

It seems that Full Tilt has had some sort of security breach, sold
their database, or has otherwise allowed their data to get into a
spammer's hands. As they have had that address for years, I can
draw no conclusions about when the leak happened, and I certainly
don't know how it happened.

I monitor my domain on a daily basis for dictionary attacks and
other nefarious spammer tricks, so I am highly confident this wasn't
just a randomly-guessed address.

-Patti
--
Patti Beadles, Oakland, CA




 
Date: 13 Jan 2009 14:09:41
From: Wayne Vinson
Subject: Re: Full Tilt Poker Data Leak
On Jan 10 2009 4:52 PM, Patti Beadles wrote:

> Shortly after Full Tilt Poker launched, I signed up for an account
> with them. For reasons that aren't relevant to this, I asked them to
> close my account a few hours later and haven't done business with
> them since. As I do when dealing with any business, I gave them a
> unique email address at my domain. That address has only been given
> to Full Tilt.
>
> This morning I received spam from an affiliate of a company called
> JBET Poker. I've never heard of them, but my mail filters filed the
> mail as something other than spam so I investigated further. The
> spam was sent to an address that I gave only to Full Tilt Poker.
>
> It seems that Full Tilt has had some sort of security breach, sold
> their database, or has otherwise allowed their data to get into a
> spammer's hands. As they have had that address for years, I can
> draw no conclusions about when the leak happened, and I certainly
> don't know how it happened.
>
> I monitor my domain on a daily basis for dictionary attacks and
> other nefarious spammer tricks, so I am highly confident this wasn't
> just a randomly-guessed address.
>
> -Patti
> --
> Patti Beadles, Oakland, CA


  
Date: 13 Jan 2009 14:54:47
From: Travel A
Subject: Re: Full Tilt Poker Data Leak
Read Fulll Tilt's Terms Of Use, with regard to e-mail, for your
"heads-up".



   
Date: 13 Jan 2009 23:08:05
From: Patti Beadles
Subject: Re: Full Tilt Poker Data Leak
In article <8777-496D1BB7-9684@baytvnwsxa001.msntv.msn.com >,
Travel A <nine510@webtv.net > wrote:
>Read Fulll Tilt's Terms Of Use, with regard to e-mail, for your
>"heads-up".

I have.

I also have multiple assurances from very senior people at Full
Tilt that they did not sell or give away their data, and this did
not come from them. They are "investigating all possible sources."

-Patti
--
Patti Beadles, Oakland, CA


    
Date: 13 Jan 2009 15:56:57
From: Travel A
Subject: Re: Full Tilt Poker Data Leak
Discussrec.gambling.pokerHelp

Group
Previous
Next
Next New
Forward
Respond

Re: Full Tilt Poker Data Leak
Group: rec.gambling.poker
Date: Tue, Jan 13, 2009, 11:08pm (PST+8)
From: Patti Beadles <pattib@green.rahul.net >


In article <8777-496D1BB7-9684@baytvnwsxa001.msntv.msn.com >, Travel A
<nine510@webtv.net > wrote:

Read Fulll Tilt's Terms Of Use, with regard to e-mail, for your
"heads-up".

I have.
I also have multiple assurances from very senior people at Full Tilt
that they did not sell or give away their data, and this did not come
from them. They are "investigating all possible sources."

-Patti
--
Patti Beadles, Oakland, CA


     
Date: 14 Jan 2009 00:16:45
From: Patti Beadles
Subject: Re: Full Tilt Poker Data Leak
In article <9372-496D2A49-9774@baytvnwsxa002.msntv.msn.com >,
Travel A <nine510@webtv.net > wrote:

>Funny that you got selective in your reading of posts on this thread all
>of a sudden. You did see the proof presented, above, where Full Tilt and
>"Jbet" are both under/registered with the same company didn't you?

I saw that Jbet and Full Tilt are both licensed via the
Kahnawake Gaming Commission. Do you know what that is?
If not, go to the same link and click on "About Us". KGC
doesn't own online casinos-- it licenses them, and provides
technology infrastructure.

In essence, it's the same as saying that both Harrah's
and Trump are licensed by the Nevada Gaming Commission.
However, Jbet and Full Tilt are no more the same company
than Harrah's and Trump[1].

-Patti

[1] And I hope I didn't screw up the example and overlook
news that Harrah's bought Trump, or vice versa. If I did,
please substitute two other completely independent companies.
--
Patti Beadles, Oakland, CA


      
Date: 14 Jan 2009 01:01:54
From: Travel A
Subject: Re: Full Tilt Poker Data Leak


Re: Full Tilt Poker Data Leak
Group: rec.gambling.poker
Date: Wed, Jan 14, 2009, 12:16am (PST+8)
From: Patti Beadles <pattib@green.rahul.net >


In article <9372-496D2A49-9774@baytvnwsxa002.msntv.msn.com >, Travel A
<nine510@webtv.net > wrote:

Funny that you got selective in your reading of posts on this thread all
of a sudden. You did see the proof presented, above, where Full Tilt and
"Jbet" are both under/registered with the same company didn't you?


......
"I saw that Jbet and Full Tilt are both licensed via the Kahnawake
Gaming Commission. Do you know what that is? If not, go to the same link
and click on "About Us". KGC doesn't own online casinos-- it licenses
them, and provides technology infrastructure."


That's the whole point, it's the asscociation linkage. That's the "third
party" enabler.


................
"In essence, it's the same as saying that both Harrah's and Trump are
licensed by the Nevada Gaming Commission. However, Jbet and Full Tilt
are no more the same company than Harrah's and Trump[1].

-Patti"


No, it's not like that with regard to the e-mail situation; this isn't
exactly the Nevada Gaming Commission we're talking about.

Also, who said that they have to be the same company? The Full Tilt
Terms Of Use points out that you may get e-mail from parties -other
than- Full Tilt. You seem to be resisting the logic of this.

You're making up reasons to dismiss the obvious for some reason. It may
not be the reason for the e-mail, (it would be a striking coincidence if
it isn't) but for you to dismiss it as not being at least a good
possibility, doesn't make any sense.

.............

"[1] And I hope I didn't screw up the example and overlook news that
Harrah's bought Trump, or vice versa. If I did, please substitute two
other completely independent companies."

The example was fine, stand alone, but using it AS an an example in this
case was a screwed-up. I think Trump got a Nevada gaming license when he
bought 20% of the Riviera a few years ago; he subsequently sold his
interest in the Riviera, and in partnership with Phil Ruffin, (owner of
the former New Frontier) built the Trump Condos on New Frontier land.

Phil Ruffin sold the rest of the New Frontier land and just bought
Treasure Island from MGM Mirage a couple of months ago. I hope he puts
that great Treasure Island "skull and crossbones" marquee back up.






       
Date: 14 Jan 2009 09:16:41
From: Patti Beadles
Subject: Re: Full Tilt Poker Data Leak
In article <8777-496DAA02-9810@baytvnwsxa001.msntv.msn.com >,
Travel A <nine510@webtv.net > wrote:

>That's the whole point, it's the asscociation linkage. That's the "third
>party" enabler.

But it's no more of an association linkage than being
certified by the Nevada Gaming Commission. If you think
otherwise, why?


>Also, who said that they have to be the same company? The Full Tilt
>Terms Of Use points out that you may get e-mail from parties -other
>than- Full Tilt. You seem to be resisting the logic of this.

Yes, partially because multiple people with extreme seniority
at Full Tilt have assured me that they had nothing to do with
that email. And technically, it says that Full Tilt may send
offers on behalf of third parties, but this didn't come from
Full Tilt.

-Patti
--
Patti Beadles, Oakland, CA


 
Date: 11 Jan 2009 14:18:39
From: Travel A
Subject: Re: Full Tilt Poker Data Leak
The e-mail in question coming from a "third party" or associated site
was the first thing that came to my mind. As pasted, above, the Full
Tilt terms of use states that you may get e-mail promos, etc., from
sites, etc., other than Full Tilt.

Wouldn't that be the overwhelming probability in explanation of why you
got the e-mail?

Also, if you received only one e-mail of this sort of a period of years,
it doesn't look like it's a problem exactly.

Did the e-mail have a: "click here to stop receiving", etc., message?
Blatant spam doesn't usually have this option. (Or at least, a "stop
receiving" option that actually works.)



  
Date: 12 Jan 2009 17:43:10
From: joeturn
Subject: Re: Full Tilt Poker Data Leak
Heres your connection Pattie! You pretty red headed biker babe;)

http://www.kahnawake.com/gamingcommission/

click on permit holders


Do you see fulltilt and jbet both have a permit with them Its an old
family tradition!!

They are conjoined twins connected at the pocket book$$$$$$$$$


   
Date: 13 Jan 2009 10:03:47
From: joeturn
Subject: Re: Full Tilt Poker Data Leak

> Bingo! It's "third party".

Most likely absolute with a new name..



   
Date: 12 Jan 2009 23:25:22
From: Travel A
Subject: Re: Full Tilt Poker Data Leak
Discussrec.gambling.pokerHelp

Group
Previous
Next
Next New
Forward
Respond

Re: Full Tilt Poker Data Leak
Group: rec.gambling.poker
Date: Mon, Jan 12, 2009, 5:43pm
From: joeturn <joeturn2000@yahoo.com >


Heres your connection Pattie! You pretty red headed biker babe;)
http://www.kahnawake.com/gamingcommission/

click on permit holders


Do you see fulltilt and jbet both have a permit with them Its an old
family tradition!!

They are conjoined twins connected at the pocket book$$$$$$$$$
.......................................................................



Bingo! It's "third party".



  
Date: 12 Jan 2009 17:39:43
From: joeturn
Subject: Re: Full Tilt Poker Data Leak
Heres your connection Pattie! You pretty red headed biker babe;)

http://www.kahnawake.com/gamingcommission/


Do you see fulltilt and jbet have a licinse with them Its an old
family tradition!!
They are conjoined twins connected at the pocket book$$$$$$$$$$$$$


  
Date: 12 Jan 2009 17:24:36
From: joeturn
Subject: Re: Full Tilt Poker Data Leak

> If you'd like to explain precisely the mechanism by which
> you think Google got this address, I would love to hear it.
> I'm happy to be proven wrong.

> -Patti
> --
> Patti Beadles, Oakland, CA


  
Date: 12 Jan 2009 17:09:29
From: joeturn
Subject: Re: Full Tilt Poker Data Leak


Pattie do a google search for your specific email address you might
get a surprise


  
Date: 12 Jan 2009 16:55:37
From: joeturn
Subject: Re: Full Tilt Poker Data Leak
I'm not trying to defend FTP as they are owed by the Kanawahkei Nation
that Russ made famous nor am I trying to point the finger at Google
but spyware is on a pay-per-click basis!!

A real close look says they(FTP) will share your personal imfomation
with third parties, that do marketing on thier behalf and a pay-per-
click is of financial benifit to them$$$$$$$$$$$$


   
Date: 21 Jan 2009 15:41:54
From: La Cosa Nostradamus
Subject: Re: Full Tilt Poker Data Leak
On Jan 12 2009 7:55 PM, joeturn wrote:

> I'm not trying to defend FTP as they are owed by the Kanawahkei Nation
> that Russ made famous nor am I trying to point the finger at Google
> but spyware is on a pay-per-click basis!!
>
> A real close look says they(FTP) will share your personal imfomation
> with third parties, that do marketing on thier behalf and a pay-per-
> click is of financial benifit to them$$$$$$$$$$$$
Are you sure that they are owned by kanahawkee ?

Atheism is drawing dead

_____________________________________________________________________ 
: the next generation of web-newsreaders : http://www.recgroups.com



  
Date: 12 Jan 2009 16:39:27
From: joeturn
Subject: Re: Full Tilt Poker Data Leak

> If you'd like to explain precisely the mechanism by which
> you think Google got this address, I would love to hear it.
> I'm happy to be proven wrong.
>
> -Patti
> --
> Patti Beadles, =A0 =A0Oakland, CA


  
Date: 12 Jan 2009 08:17:47
From: Patti Beadles
Subject: Re: Full Tilt Poker Data Leak
In article <8777-496A703F-9009@baytvnwsxa001.msntv.msn.com >,
Travel A <nine510@webtv.net > wrote:
>The e-mail in question coming from a "third party" or associated site
>was the first thing that came to my mind. As pasted, above, the Full
>Tilt terms of use states that you may get e-mail promos, etc., from
>sites, etc., other than Full Tilt.
>Wouldn't that be the overwhelming probability in explanation of why you
>got the e-mail?

No. First off, it makes no sense whatsoever for Full Tilt to
be doing marketing for a competitor.

Second, if they were doing this it would be coming from Full
Tilt's servers or a marketing company that they hired. It
came from some random PC in the Philippines.

Third, I've been in contact with multiple people at Full Tilt,
and they all state unequivocally that they do not sell or
give away their data, and that this did not come from them.
They also say that they are actively investigating the source
of the leak.


>Also, if you received only one e-mail of this sort of a period of years,
>it doesn't look like it's a problem exactly.

Au contraire! Big problems always start with a first incident.

But really, if their data has been leaked, who knows how big it
is. What personal data do they have besides my email address?
Do they have my address? My credit card data? My social security
number? (I can't remember if I gave it to FTP or not.) Any
poker site that I do business with probably contains sufficient
info to get started on a decent round of identity theft.


>Did the e-mail have a: "click here to stop receiving", etc., message?
>Blatant spam doesn't usually have this option. (Or at least, a "stop
>receiving" option that actually works.)

No, it did not. I used to be in the email marketing business,
so I'm pretty familiar with this stuff. It did not have any of
the hallmarks of responsible email marketing.

-Patti
--
Patti Beadles, Oakland, CA


  
Date: 11 Jan 2009 15:31:54
From: joeturn
Subject: Re: Full Tilt Poker Data Leak
COOKIES I still say its google but anyway here is a thread I was
involved in explaning how google/microsoft/yahoo/ect... use spyware!
Hope this explains how this unique email address got spamed!?

http://groups.google.com/group/alt.satellite.tv.europe/browse_thread/thread/f1b122efecee2eb0


   
Date: 12 Jan 2009 05:26:57
From: La Cosa Nostradamus
Subject: Re: Full Tilt Poker Data Leak
On Jan 11 2009 6:31 PM, joeturn wrote:

> COOKIES I still say its google but anyway here is a thread I was
> involved in explaning how google/microsoft/yahoo/ect... use spyware!
> Hope this explains how this unique email address got spamed!?
SEE, THAT'S WHAT I THOUGHT
>
http://groups.google.com/group/alt.satellite.tv.europe/browse_thread/thread/f1b122efecee2eb0


Atheism is drawing dead

----- 
RecGroups : the community-oriented newsreader : www.recgroups.com




   
Date: 12 Jan 2009 08:24:01
From: Patti Beadles
Subject: Re: Full Tilt Poker Data Leak
In article <abc39115-5acf-4c9d-a6a8-10b23bb2c8b2@m22g2000vbp.googlegroups.com >,
joeturn <joeturn2000@yahoo.com > wrote:
>COOKIES I still say its google but anyway here is a thread I was
>involved in explaning how google/microsoft/yahoo/ect... use spyware!
>Hope this explains how this unique email address got spamed!?

It does not.

This email address has never been sent via the web.
Google has never seen this address. The address does
not exist on my PC in any form, and only did so briefly
inside of the Full Tilt Client. It does not exist in
any PC-based mail client.

Really, I have an expert-level understanding of browser
and email behavior, and how data can and can't be caught.
I make my living dealing with the nuances of this stuff.

If you'd like to explain precisely the mechanism by which
you think Google got this address, I would love to hear it.
I'm happy to be proven wrong.

-Patti
--
Patti Beadles, Oakland, CA


    
Date: 17 Jan 2009 12:13:34
From: Kenneth Sloan
Subject: Re: Full Tilt Poker Data Leak
Patti Beadles wrote:
> In article <abc39115-5acf-4c9d-a6a8-10b23bb2c8b2@m22g2000vbp.googlegroups.com>,
> joeturn <joeturn2000@yahoo.com> wrote:
>> COOKIES I still say its google but anyway here is a thread I was
>> involved in explaning how google/microsoft/yahoo/ect... use spyware!
>> Hope this explains how this unique email address got spamed!?
>
> It does not.
>
> This email address has never been sent via the web.
> Google has never seen this address. The address does
> not exist on my PC in any form, and only did so briefly
> inside of the Full Tilt Client. It does not exist in
> any PC-based mail client.
>
> Really, I have an expert-level understanding of browser
> and email behavior, and how data can and can't be caught.
> I make my living dealing with the nuances of this stuff.
>
> If you'd like to explain precisely the mechanism by which
> you think Google got this address, I would love to hear it.
> I'm happy to be proven wrong.
>
> -Patti

Did FT ever use that e-mail address to contact *you*?

--
Kenneth Sloan KennethRSloan@gmail.com
Computer and Information Sciences +1-205-932-2213
University of Alabama at Birmingham FAX +1-205-934-5473
Birmingham, AL 35294-1170 http://KennethRSloan.com/


    
Date: 12 Jan 2009 00:41:43
From: Clave
Subject: Re: Full Tilt Poker Data Leak
"Patti Beadles" <pattib@green.rahul.net > wrote in message
news:gkeun1$9n7$2@blue.rahul.net...
> In article
> <abc39115-5acf-4c9d-a6a8-10b23bb2c8b2@m22g2000vbp.googlegroups.com>,
> joeturn <joeturn2000@yahoo.com> wrote:
>>COOKIES I still say its google but anyway here is a thread I was
>>involved in explaning how google/microsoft/yahoo/ect... use spyware!
>>Hope this explains how this unique email address got spamed!?
>
> It does not.
>
> This email address has never been sent via the web.
> Google has never seen this address. The address does
> not exist on my PC in any form, and only did so briefly
> inside of the Full Tilt Client. It does not exist in
> any PC-based mail client.
>
> Really, I have an expert-level understanding of browser
> and email behavior, and how data can and can't be caught.
> I make my living dealing with the nuances of this stuff.
>
> If you'd like to explain precisely the mechanism by which
> you think Google got this address, I would love to hear it.
> I'm happy to be proven wrong.

I doubt I have your expertise, but I have some.

No, there's no way short of a breach or deliberate selling that your addy
could have been obtained by a third party and used in context like this.

None.

Jim




     
Date: 12 Jan 2009 09:03:21
From: Patti Beadles
Subject: Re: Full Tilt Poker Data Leak
In article <376dnX9JL5DVn_bUnZ2dnUVZ_r6dnZ2d@cablespeedmi.com >,
Clave <ClaviusNoSpamDammit@cablespeed.com > wrote:

>No, there's no way short of a breach or deliberate selling that your addy
>could have been obtained by a third party and used in context like this.
>None.

In this particular case, I'm reasonably confident that the
other bases have been covered. The only real possibilities
are extremely obscure, and don't jibe with what I know about
the incident.

I know of several Full Tilt customers who received this mail,
including two who specifically received it at addresses that
were only given to FTP.

-Patti
--
Patti Beadles, Oakland, CA


      
Date: 12 Jan 2009 01:10:29
From: Clave
Subject: Re: Full Tilt Poker Data Leak
"Patti Beadles" <pattib@green.rahul.net > wrote in message
news:gkf10p$gqp$1@blue.rahul.net...
> In article <376dnX9JL5DVn_bUnZ2dnUVZ_r6dnZ2d@cablespeedmi.com>,
> Clave <ClaviusNoSpamDammit@cablespeed.com> wrote:
>
>>No, there's no way short of a breach or deliberate selling that your addy
>>could have been obtained by a third party and used in context like this.
>>None.
>
> In this particular case, I'm reasonably confident that the
> other bases have been covered. The only real possibilities
> are extremely obscure, and don't jibe with what I know about
> the incident.
>
> I know of several Full Tilt customers who received this mail,
> including two who specifically received it at addresses that
> were only given to FTP.

Insider then. Start with any other on-line forums that you and the others
have in common.

Gotta consider what's being gained though. Other than your attention.

Jim




       
Date: 12 Jan 2009 09:29:13
From: Patti Beadles
Subject: Re: Full Tilt Poker Data Leak
In article <R5udnei3k5uYlPbUnZ2dnUVZ_srinZ2d@cablespeedmi.com >,
Clave <ClaviusNoSpamDammit@cablespeed.com > wrote:

>Insider then. Start with any other on-line forums that you and the others
>have in common.

I'm not sure what you mean by online forums in this context.
I'm highly confident that an online forum couldn't have gotten
my FTP-specific address through any interaction of mine.

I think that the strongest likelihood by far is that a rogue
employee (or possibly a vendor) leaked the data.

-Patti
--
Patti Beadles, Oakland, CA


        
Date: 17 Jan 2009 12:16:48
From: Kenneth Sloan
Subject: Re: Full Tilt Poker Data Leak
Patti Beadles wrote:
> In article <R5udnei3k5uYlPbUnZ2dnUVZ_srinZ2d@cablespeedmi.com>,
> Clave <ClaviusNoSpamDammit@cablespeed.com> wrote:
>
>> Insider then. Start with any other on-line forums that you and the others
>> have in common.
>
> I'm not sure what you mean by online forums in this context.
> I'm highly confident that an online forum couldn't have gotten
> my FTP-specific address through any interaction of mine.
>
> I think that the strongest likelihood by far is that a rogue
> employee (or possibly a vendor) leaked the data.
>
> -Patti

Or that FT sent the e-mail on behalf of the 3rd party - which seems
marginally within their policy.

Disguising the e-mail to look like it came directly from the 3rd party
might be an issue.

It might also be that someone doesn't know the difference between making
a promotional mailing on behalf of a 3rd party and simply giving the 3rd
part your address.

Did you opt in/out (were you offered the opportunity) of promotional
mailings?

--
Kenneth Sloan KennethRSloan@gmail.com
Computer and Information Sciences +1-205-932-2213
University of Alabama at Birmingham FAX +1-205-934-5473
Birmingham, AL 35294-1170 http://KennethRSloan.com/


        
Date: 12 Jan 2009 01:34:01
From: Clave
Subject: Re: Full Tilt Poker Data Leak
"Patti Beadles" <pattib@green.rahul.net > wrote in message
news:gkf2h9$sru$1@blue.rahul.net...
> In article <R5udnei3k5uYlPbUnZ2dnUVZ_srinZ2d@cablespeedmi.com>,
> Clave <ClaviusNoSpamDammit@cablespeed.com> wrote:
>
>>Insider then. Start with any other on-line forums that you and the others
>>have in common.
>
> I'm not sure what you mean by online forums in this context.

Some other place where you and others contacted in this way may have been
known.


> I'm highly confident that an online forum couldn't have gotten
> my FTP-specific address through any interaction of mine.
>
> I think that the strongest likelihood by far is that a rogue
> employee (or possibly a vendor) leaked the data.

Like I said, insider then.

Jim




         
Date: 13 Jan 2009 20:36:51
From: Patti Beadles
Subject: Re: Full Tilt Poker Data Leak
In article <adadnZGT5qcXk_bUnZ2dnUVZ_vudnZ2d@cablespeedmi.com >,
Clave <ClaviusNoSpamDammit@cablespeed.com > wrote:

>Some other place where you and others contacted in this way may have been
>known.

I guess I'm unclear on what you're getting at. Why would
some other online forum cause a spammer to get an address
that was only given to Full Tilt? Can you explain the mechanism
by which that might happen, or how you think it would be
relevant?

-Patti
--
Patti Beadles, Oakland, CA


          
Date: 13 Jan 2009 19:27:24
From: Clave
Subject: Re: Full Tilt Poker Data Leak
"Patti Beadles" <pattib@green.rahul.net > wrote in message
news:gkiu13$auh$1@blue.rahul.net...
> In article <adadnZGT5qcXk_bUnZ2dnUVZ_vudnZ2d@cablespeedmi.com>,
> Clave <ClaviusNoSpamDammit@cablespeed.com> wrote:
>
>>Some other place where you and others contacted in this way may have been
>>known.
>
> I guess I'm unclear on what you're getting at. Why would
> some other online forum cause a spammer to get an address
> that was only given to Full Tilt? Can you explain the mechanism
> by which that might happen, or how you think it would be
> relevant?

No idea -- I'm just spitballin here.

Jim




 
Date: 10 Jan 2009 19:37:00
From: Susan
Subject: Re: Full Tilt Poker Data Leak

"Patti Beadles" <pattib@green.rahul.net > wrote in message
news:gkb8qi$t25$1@blue.rahul.net...
> Shortly after Full Tilt Poker launched, I signed up for an account
> with them. For reasons that aren't relevant to this, I asked them to
> close my account a few hours later and haven't done business with
> them since. As I do when dealing with any business, I gave them a
> unique email address at my domain. That address has only been given
> to Full Tilt.
>
> This morning I received spam from an affiliate of a company called
> JBET Poker. I've never heard of them, but my mail filters filed the
> mail as something other than spam so I investigated further. The
> spam was sent to an address that I gave only to Full Tilt Poker.
>
> It seems that Full Tilt has had some sort of security breach, sold
> their database, or has otherwise allowed their data to get into a
> spammer's hands. As they have had that address for years, I can
> draw no conclusions about when the leak happened, and I certainly
> don't know how it happened.
>
> I monitor my domain on a daily basis for dictionary attacks and
> other nefarious spammer tricks, so I am highly confident this wasn't
> just a randomly-guessed address.
>
> -Patti

My own experience with Full Tilt is similar except that I didn't cancel my
account. I never player there though.

I DIDN'T get the email.




 
Date: 10 Jan 2009 20:56:22
From: La Cosa Nostradamus
Subject: Re: Full Tilt Poker Data Leak
On Jan 10 2009 5:52 PM, Patti Beadles wrote:

> Shortly after Full Tilt Poker launched, I signed up for an account
> with them. For reasons that aren't relevant to this, I asked them to
> close my account a few hours later and haven't done business with
> them since. As I do when dealing with any business, I gave them a
> unique email address at my domain. That address has only been given
> to Full Tilt.
>
> This morning I received spam from an affiliate of a company called
> JBET Poker. I've never heard of them, but my mail filters filed the
> mail as something other than spam so I investigated further. The
> spam was sent to an address that I gave only to Full Tilt Poker.
>
> It seems that Full Tilt has had some sort of security breach, sold
> their database, or has otherwise allowed their data to get into a
> spammer's hands. As they have had that address for years, I can
> draw no conclusions about when the leak happened, and I certainly
> don't know how it happened.
>
> I monitor my domain on a daily basis for dictionary attacks and
> other nefarious spammer tricks, so I am highly confident this wasn't
> just a randomly-guessed address.
>
> -Patti
> --
> Patti Beadles, Oakland, CA


 
Date: 10 Jan 2009 19:40:43
From: johnny_t
Subject: Re: Full Tilt Poker Data Leak
In this case, I would say that they sold your name.

The account was a non-active account. I had no value to them, as you
are presumably not a customer. Why wouldn't they sell it?


  
Date: 10 Jan 2009 20:07:26
From: GrouchySmurf1002
Subject: Re: Full Tilt Poker Data Leak
On Jan 10 2009 10:40 PM, johnny_t wrote:

> In this case, I would say that they sold your name.
>
> The account was a non-active account. I had no value to them, as you
> are presumably not a customer. Why wouldn't they sell it?

I got the e-mail from JBet today too, and my account is quite active.

_______________________________________________________________________ 
looking for a better newsgroup-reader? - www.recgroups.com




 
Date: 10 Jan 2009 16:18:28
From: La Cosa Nostradamus
Subject: Re: Full Tilt Poker Data Leak
Have you considered your name was seen here and the new, unheard of poker
room tracked you from here ? You are a known longterm player here. It
isn't hard to find out all emails registered through your domain.
On Jan 10 2009 5:52 PM, Patti Beadles wrote:

> Shortly after Full Tilt Poker launched, I signed up for an account
> with them. For reasons that aren't relevant to this, I asked them to
> close my account a few hours later and haven't done business with
> them since. As I do when dealing with any business, I gave them a
> unique email address at my domain. That address has only been given
> to Full Tilt.
>
> This morning I received spam from an affiliate of a company called
> JBET Poker. I've never heard of them, but my mail filters filed the
> mail as something other than spam so I investigated further. The
> spam was sent to an address that I gave only to Full Tilt Poker.
>
> It seems that Full Tilt has had some sort of security breach, sold
> their database, or has otherwise allowed their data to get into a
> spammer's hands. As they have had that address for years, I can
> draw no conclusions about when the leak happened, and I certainly
> don't know how it happened.
>
> I monitor my domain on a daily basis for dictionary attacks and
> other nefarious spammer tricks, so I am highly confident this wasn't
> just a randomly-guessed address.
>
> -Patti
> --
> Patti Beadles, Oakland, CA


  
Date: 10 Jan 2009 16:47:45
From: joeturn
Subject: Re: Full Tilt Poker Data Leak
I think this needs to be said 1/4 is 2/8s

Having in a past life done service work, very often, someone will
make
some very specific request, then when they get exactly what they ask
for, complain about it no matter what and demand something else.
This
is especially common in web work.

In that case, it's best just to play dumb and let them basically
point
to the line on the cup (metaphorically or in reality). Make sure
they
can't possibly bitch, because some people seem absolutely determined
to bitch about absolutely everything.


"Three quarters of a cup" isn't necessarily such a request, but if I
were fucked enough to be working in a coffee shop, you can bet that
if
someone asked for "seven eighths" that I've never heard of a fucking
eighth in my life unless it was of weed, because no way would I be
being paid enough to know what the fuck an eighth was.




   
Date: 10 Jan 2009 17:30:07
From: Paul Popinjay
Subject: Re: Full Tilt Poker Data Leak
"joeturn" <joeturn2000@yahoo.com > wrote in message
news:ba20b052-15e3-4a43-8bdd-e426a142b3e0@r27g2000vbp.googlegroups.com...
>I think this needs to be said 1/4 is 2/8s
>
> Having in a past life done service work, very often, someone will
> make
> some very specific request, then when they get exactly what they ask
> for, complain about it no matter what and demand something else.
> This
> is especially common in web work.
>
> In that case, it's best just to play dumb and let them basically
> point
> to the line on the cup (metaphorically or in reality). Make sure
> they
> can't possibly bitch, because some people seem absolutely determined
> to bitch about absolutely everything.
>
>
> "Three quarters of a cup" isn't necessarily such a request, but if I
> were fucked enough to be working in a coffee shop, you can bet that
> if
> someone asked for "seven eighths" that I've never heard of a fucking
> eighth in my life unless it was of weed, because no way would I be
> being paid enough to know what the fuck an eighth was.
>


Ok, Joe, now see what I mean? If someone can explain to me half (not an
1/8th) of what Joe just said, I would appreciate it.

Is it just me, or does anyone else get the feeling that this might be The
Fred come back under a different screen name?

-PP




  
Date: 10 Jan 2009 18:44:31
From: joeturn
Subject: Re: Full Tilt Poker Data Leak
Its a coded message only a man beaten by jacks can figure out However
you have seen it before PP!!

http://groups.google.com/group/sci.math/browse_thread/thread/10d28fb429f8cc3b/b24b402f12b1cf9c?q=what+the+fuck+an+eighth+was.+author%3Aa+author%3Aman+author%3Abeaten+author%3Aby+author%3Ajacks&lnk=nl&


  
Date: 10 Jan 2009 18:32:45
From: joeturn
Subject: Re: Full Tilt Poker Data Leak
On Jan 10, 8:30=A0pm, "Paul Popinjay" <paulpopin...@sbcglobal.net >
wrote:
> "joeturn" <joeturn2...@yahoo.com> wrote in message
>
> news:ba20b052-15e3-4a43-8bdd-e426a142b3e0@r27g2000vbp.googlegroups.com...
>
>
>
>
>
> >I think this needs to be said 1/4 is 2/8s
>
> > Having in a past life done service work, very often, someone will
> > make
> > some very specific request, then when they get exactly what they ask
> > for, complain about it no matter what and demand something else.
> > This
> > is especially common in web work.
>
> > In that case, it's best just to play dumb and let them basically
> > point
> > to the line on the cup (metaphorically or in reality). =A0Make sure
> > they
> > can't possibly bitch, because some people seem absolutely determined
> > to bitch about absolutely everything.
>
> > "Three quarters of a cup" isn't necessarily such a request, but if I
> > were fucked enough to be working in a coffee shop, you can bet that
> > if
> > someone asked for "seven eighths" that I've never heard of a fucking
> > eighth in my life unless it was of weed, because no way would I be
> > being paid enough to know what the fuck an eighth was.
>
> Ok, Joe, now see what I mean? =A0If someone can explain to me half (not a=
n
> 1/8th) of what Joe just said, I would appreciate it.
>
> Is it just me, or does anyone else get the feeling that this might be The
> Fred come back under a different screen name?
>
> -PP- Hide quoted text -
>
> - Show quoted text -

You dont remember saying that PP??


  
Date: 11 Jan 2009 00:43:34
From: Patti Beadles
Subject: Re: Full Tilt Poker Data Leak
In article <kfqn36xo0g.ln2@recgroups.com >,
La Cosa Nostradamus <a6f44ce@webnntp.invalid > wrote:
>Have you considered your name was seen here and the new, unheard of poker
>room tracked you from here ? You are a known longterm player here. It
>isn't hard to find out all emails registered through your domain.

Actually, there is one person on the planet who knows all
of the email addresses used at my domain, and that is me.

If you know of a way to get that information, please let me
know. I will be quite surprised, though. I have significant
technical expertise in both email and network security,
including some time spent managing a data center and network
operations for an email company.

Say what you want to about my poker skill, but this is a case
where I'm quite confident of my technical knowledge.

-Patti
--
Patti Beadles, Oakland, CA


   
Date: 10 Jan 2009 18:14:39
From: La Cosa Nostradamus
Subject: Re: Full Tilt Poker Data Leak
On Jan 10 2009 7:43 PM, Patti Beadles wrote:

> In article <kfqn36xo0g.ln2@recgroups.com>,
> La Cosa Nostradamus <a6f44ce@webnntp.invalid> wrote:
> >Have you considered your name was seen here and the new, unheard of poker
> >room tracked you from here ? You are a known longterm player here. It
> >isn't hard to find out all emails registered through your domain.
>
> Actually, there is one person on the planet who knows all
> of the email addresses used at my domain, and that is me.
>
> If you know of a way to get that information, please let me
> know. I will be quite surprised, though. I have significant
> technical expertise in both email and network security,
> including some time spent managing a data center and network
> operations for an email company.
>
> Say what you want to about my poker skill, but this is a case
> where I'm quite confident of my technical knowledge.
>
> -Patti
> --
> Patti Beadles, Oakland, CA


    
Date: 11 Jan 2009 02:33:26
From: Patti Beadles
Subject: Re: Full Tilt Poker Data Leak
In article <f91o36xfmg.ln2@recgroups.com >,
La Cosa Nostradamus <a6f44ce@webnntp.invalid > wrote:

>I was referring to you as a winner that would be valuable to fill seats. I
>don't know how to hack you specifically. I have read a bit about how to do
>it and what i have read has led me to believe that i could do it on a
>large scale and it would be profitable. Some cookies that you
>accept pick up email addresses you use while browsing the site with the
>cookie. In essence if you are at the cookie site in one tab and email at
>the same time, that cookie sees your email address. That cookie then
>associates you with poker. Eventually the cookie company has enough poker
>people's emails to sell it to someone like a new poker company. Cookie
>companies are sneaky bastards.

What you describe isn't really possible... I think you
misunderstand some things about how cookies work.

In my case, it's extra difficult because I do not use a web
browser or traditional email client for sending and receiving
mail. All of my mail is accessed through a Linux command-line
client on a third party server, and that server is accessed
via an encrypted shell.

I make my living dealing with the nuances of this stuff.

-Patti
--
Patti Beadles, Oakland, CA


     
Date: 11 Jan 2009 01:16:21
From: Robert Ladd
Subject: Re: Full Tilt Poker Data Leak

"Patti Beadles" <pattib@green.rahul.net > wrote in message
news:gkblpm$bm4$1@blue.rahul.net...
> In article <f91o36xfmg.ln2@recgroups.com>,
> La Cosa Nostradamus <a6f44ce@webnntp.invalid> wrote:
>
>>I was referring to you as a winner that would be valuable to fill seats. I
>>don't know how to hack you specifically. I have read a bit about how to do
>>it and what i have read has led me to believe that i could do it on a
>>large scale and it would be profitable. Some cookies that you
>>accept pick up email addresses you use while browsing the site with the
>>cookie. In essence if you are at the cookie site in one tab and email at
>>the same time, that cookie sees your email address. That cookie then
>>associates you with poker. Eventually the cookie company has enough poker
>>people's emails to sell it to someone like a new poker company. Cookie
>>companies are sneaky bastards.
>
> What you describe isn't really possible... I think you
> misunderstand some things about how cookies work.
>
> In my case, it's extra difficult because I do not use a web
> browser or traditional email client for sending and receiving
> mail. All of my mail is accessed through a Linux command-line
> client on a third party server, and that server is accessed
> via an encrypted shell.
>
> I make my living dealing with the nuances of this stuff.
>
> -Patti
> --
> Patti Beadles, Oakland, CA


      
Date: 11 Jan 2009 01:10:24
From: La Cosa Nostradamus
Subject: Re: Full Tilt Poker Data Leak
On Jan 11 2009 3:16 AM, Robert Ladd wrote:

> "Patti Beadles" <pattib@green.rahul.net> wrote in message
> news:gkblpm$bm4$1@blue.rahul.net...
> > In article <f91o36xfmg.ln2@recgroups.com>,
> > La Cosa Nostradamus <a6f44ce@webnntp.invalid> wrote:
> >
> >>I was referring to you as a winner that would be valuable to fill seats. I
> >>don't know how to hack you specifically. I have read a bit about how to do
> >>it and what i have read has led me to believe that i could do it on a
> >>large scale and it would be profitable. Some cookies that you
> >>accept pick up email addresses you use while browsing the site with the
> >>cookie. In essence if you are at the cookie site in one tab and email at
> >>the same time, that cookie sees your email address. That cookie then
> >>associates you with poker. Eventually the cookie company has enough poker
> >>people's emails to sell it to someone like a new poker company. Cookie
> >>companies are sneaky bastards.
> >
> > What you describe isn't really possible... I think you
> > misunderstand some things about how cookies work.
> >
> > In my case, it's extra difficult because I do not use a web
> > browser or traditional email client for sending and receiving
> > mail. All of my mail is accessed through a Linux command-line
> > client on a third party server, and that server is accessed
> > via an encrypted shell.
> >
> > I make my living dealing with the nuances of this stuff.
> >
> > -Patti
> > --
> > Patti Beadles, Oakland, CA


      
Date: 11 Jan 2009 08:33:21
From: Patti Beadles
Subject: Re: Full Tilt Poker Data Leak
In article <gkc9sj$ars$1@news.motzarella.org >,
Robert Ladd <rladd5@cox.net > wrote:

>I've seen people try to BS their way through technology, but I can't
>remember someone so blatantly demonstrating their lack of knowledge about a
>subject as convincingly as La Cosa did here.

Nah, I'll cut him a break. La Cosa and I certainly have
our differences of opinion, but I think that he was sincere
in his message.

Most people really don't understand how technology works.
Cookies are particularly confusing to people, and there's
a lot of false information floating around about what they
are and how they work. I don't fault anyone for not knowing
what cookies can and can't do, so long as they're willing to
listen to people who do know.

-Patti
--
Patti Beadles, Oakland, CA


     
Date: 10 Jan 2009 20:54:47
From: La Cosa Nostradamus
Subject: Re: Full Tilt Poker Data Leak
On Jan 10 2009 9:33 PM, Patti Beadles wrote:

> In article <f91o36xfmg.ln2@recgroups.com>,
> La Cosa Nostradamus <a6f44ce@webnntp.invalid> wrote:
>
> >I was referring to you as a winner that would be valuable to fill seats. I
> >don't know how to hack you specifically. I have read a bit about how to do
> >it and what i have read has led me to believe that i could do it on a
> >large scale and it would be profitable. Some cookies that you
> >accept pick up email addresses you use while browsing the site with the
> >cookie. In essence if you are at the cookie site in one tab and email at
> >the same time, that cookie sees your email address. That cookie then
> >associates you with poker. Eventually the cookie company has enough poker
> >people's emails to sell it to someone like a new poker company. Cookie
> >companies are sneaky bastards.
>
> What you describe isn't really possible... I think you
> misunderstand some things about how cookies work.
that is most likely the case
> In my case, it's extra difficult because I do not use a web
> browser or traditional email client for sending and receiving
> mail. All of my mail is accessed through a Linux command-line
> client on a third party server, and that server is accessed
> via an encrypted shell.
>
> I make my living dealing with the nuances of this stuff.
>
> -Patti
> --
> Patti Beadles, Oakland, CA


  
Date: 10 Jan 2009 16:32:53
From: Jason Pawloski
Subject: Re: Full Tilt Poker Data Leak
On Jan 10 2009 5:18 PM, La Cosa Nostradamus wrote:

> Have you considered your name was seen here and the new, unheard of poker
> room tracked you from here ? You are a known longterm player here. It
> isn't hard to find out all emails registered through your domain.
> On Jan 10 2009 5:52 PM, Patti Beadles wrote:
>
> > Shortly after Full Tilt Poker launched, I signed up for an account
> > with them. For reasons that aren't relevant to this, I asked them to
> > close my account a few hours later and haven't done business with
> > them since. As I do when dealing with any business, I gave them a
> > unique email address at my domain. That address has only been given
> > to Full Tilt.
> >
> > This morning I received spam from an affiliate of a company called
> > JBET Poker. I've never heard of them, but my mail filters filed the
> > mail as something other than spam so I investigated further. The
> > spam was sent to an address that I gave only to Full Tilt Poker.
> >
> > It seems that Full Tilt has had some sort of security breach, sold
> > their database, or has otherwise allowed their data to get into a
> > spammer's hands. As they have had that address for years, I can
> > draw no conclusions about when the leak happened, and I certainly
> > don't know how it happened.
> >
> > I monitor my domain on a daily basis for dictionary attacks and
> > other nefarious spammer tricks, so I am highly confident this wasn't
> > just a randomly-guessed address.
> >
> > -Patti
> > --
> > Patti Beadles, Oakland, CA


   
Date: 10 Jan 2009 16:49:18
From: La Cosa Nostradamus
Subject: Re: Full Tilt Poker Data Leak
On Jan 10 2009 7:32 PM, Jason Pawloski wrote:

> On Jan 10 2009 5:18 PM, La Cosa Nostradamus wrote:
>
> > Have you considered your name was seen here and the new, unheard of poker
> > room tracked you from here ? You are a known longterm player here. It
> > isn't hard to find out all emails registered through your domain.
> > On Jan 10 2009 5:52 PM, Patti Beadles wrote:
> >
> > > Shortly after Full Tilt Poker launched, I signed up for an account
> > > with them. For reasons that aren't relevant to this, I asked them to
> > > close my account a few hours later and haven't done business with
> > > them since. As I do when dealing with any business, I gave them a
> > > unique email address at my domain. That address has only been given
> > > to Full Tilt.
> > >
> > > This morning I received spam from an affiliate of a company called
> > > JBET Poker. I've never heard of them, but my mail filters filed the
> > > mail as something other than spam so I investigated further. The
> > > spam was sent to an address that I gave only to Full Tilt Poker.
> > >
> > > It seems that Full Tilt has had some sort of security breach, sold
> > > their database, or has otherwise allowed their data to get into a
> > > spammer's hands. As they have had that address for years, I can
> > > draw no conclusions about when the leak happened, and I certainly
> > > don't know how it happened.
> > >
> > > I monitor my domain on a daily basis for dictionary attacks and
> > > other nefarious spammer tricks, so I am highly confident this wasn't
> > > just a randomly-guessed address.
> > >
> > > -Patti
> > > --
> > > Patti Beadles, Oakland, CA


 
Date: 10 Jan 2009 18:25:57
From: A Man Beaten by Jacks
Subject: Re: Full Tilt Poker Data Leak
On Sat, 10 Jan 2009 22:52:02 +0000 (UTC), pattib@green.rahul.net
(Patti Beadles) wrote:

>It seems that Full Tilt has had some sort of security breach, sold
>their database, or has otherwise allowed their data to get into a
>spammer's hands. As they have had that address for years, I can
>draw no conclusions about when the leak happened, and I certainly
>don't know how it happened.

Maybe the poker rooms are selling off their email databases before
going belly-up.


  
Date: 10 Jan 2009 23:36:36
From: Patti Beadles
Subject: Re: Full Tilt Poker Data Leak
In article <bjbim4tg0kl42mu2i8oqg5up8l6fvue9kj@4ax.com >,
A Man Beaten by Jacks <nobody@fool.foo > wrote:
>Maybe the poker rooms are selling off their email databases before
>going belly-up.

It's possible, but it seems unlikely that one of the more
popular sites would do that. The amount of money that they
get from rake completely dwarfs what they would get from
their database.

In my experience, the most likely scenario is that a rogue
employee dumped the database and sold it. Less likely but
possible is a network security issue of some sort.

-Patti
--
Patti Beadles, Oakland, CA


   
Date: 10 Jan 2009 19:48:49
From: Von Fourche
Subject: Re: Full Tilt Poker Data Leak

"Patti Beadles" <pattib@green.rahul.net > wrote in message
news:gkbbe4$vq2$1@blue.rahul.net...
> In article <bjbim4tg0kl42mu2i8oqg5up8l6fvue9kj@4ax.com>,
> A Man Beaten by Jacks <nobody@fool.foo> wrote:
>>Maybe the poker rooms are selling off their email databases before
>>going belly-up.
>
> It's possible, but it seems unlikely that one of the more
> popular sites would do that. The amount of money that they
> get from rake completely dwarfs what they would get from
> their database.
>
> In my experience, the most likely scenario is that a rogue
> employee dumped the database and sold it. Less likely but
> possible is a network security issue of some sort.



Don't companies sell names and address all the time? Buy a ticket online
for a big auto race and what are the chances six months later you get a
flyer in the mail for a subscription to an auto racing magazine? Very good.
Good luck to your war on spam!






    
Date: 11 Jan 2009 04:36:49
From: Patti Beadles
Subject: Re: Full Tilt Poker Data Leak
In article <QtOdnVmMxplA3PTUnZ2dnUVZ_uudnZ2d@earthlink.com >,
Von Fourche <khonakong@hotmail.com > wrote:

> Don't companies sell names and address all the time?

Companies generally have fairly strong privacy policies around
selling email addresses, and it's fairly rare for a reputable
business to leak your email address.

I have well over 200 tagged email addresses in the wild, and
I have been giving them out on this domain for something like
five years now. Of all those addresses, the one I gave Full
Tilt is only the sixth one to be spammed. The others were:

TD Ameritrade (which has been well-documented in the press)
LiveJournal (while owned by Six Apart)
OpenTable
Poker Players' Alliance
Slik Stik

Ameritrade had a data leak for over 18 months. I first reported
it to them in December 2005, and they finally acknowledged the
breach in September 2007.

The PPA vehemently denies that they've ever had a problem, even
though several people documented the fact that they'd received
spam at an address given only to the PPA.

In only one of those cases do I believe that the company itself
sold out. In all of the others, I strongly suspect that it was
an inside job by an employee.

-Patti
--
Patti Beadles, Oakland, CA


 
Date: 10 Jan 2009 15:09:25
From: joeturn
Subject: Re: Full Tilt Poker Data Leak
Now pattib fulltilt is only the tip of the iceberg!!

Yahoo!My Yahoo!MailWelcome, Guest [Sign In] Help
WebImagesVideoLocalShoppingmoreAnswersAudioDirectoryJobsNewsAll Search
ServicesOptionsAdvanced SearchPreferencesAdvertising ProgramsAbout
This PageCustomizeMy EnhancementsDefault EnhancementsMore...Browse
GalleryManage SettingsYahoo!Suggestions:
Start typing to see suggestions.
Explore concepts:
pattib@green.rahul.net "Patti Beadles"
pattib@green.rahul.net poker
pattib@green.rahul.net "Google Groups"
pattib@green.rahul.net rec.gambling
pattib@green.rahul.net stack
pattib@green.rahul.net "Usenet group"
pattib@green.rahul.net "new bike"
pattib@green.rahul.net "Math Forum"
pattib@green.rahul.net "User Profile"
pattib@green.rahul.net "reply message"
pattib@green.rahul.net "bike shop"
pattib@green.rahul.net riding
pattib@green.rahul.net "group will"
pattib@green.rahul.net "newbie question"
pattib@green.rahul.net "Paul Phillips"
pattib@green.rahul.net "Drexel University"
Search Assist Settings
Help

1 - 10 of 291 for pattib@green.rahul.net (About) - 0.32 s