Page 2 of 2
Re: The 800lb gorilla in the room
Posted: Mon Sep 06, 2021 2:42 pm
by Kent Briggs
navels wrote:Do we know that this prevents the specific exploit that prompted this thread?
Yes, the exploit modified the client Javascript that was stored inside the server's executable file. The server now verifies its own digital signature and shuts down if it detects any change. I mentioned this in the PFA thread last year.
Re: The 800lb gorilla in the room
Posted: Mon Sep 06, 2021 3:06 pm
by Kent Briggs
By the way, here's how you can detect a site that hacked their own server with modified Javascript. Load the poker client. You do not need to log in. Press Ctrl-U in your browser to show the source HTML. Look for this script tag:
Code: Select all
src="Source?Name=PokerMinJs&Ver=6.31&Crc=7C27A36E" type="text/javascript"
Click that link to display the compressed Javascript. Press Ctrl-F and do a search on "http" to look for links to external servers. The only one you should find is
http://www.briggsoft.com which is tied to my background logo.
Re: The 800lb gorilla in the room
Posted: Mon Sep 06, 2021 6:19 pm
by navels
Kent Briggs wrote:navels wrote:Do we know that this prevents the specific exploit that prompted this thread?
Yes, the exploit modified the client Javascript that was stored inside the server's executable file. The server now verifies its own digital signature and shuts down if it detects any change. I mentioned this in the PFA thread last year.
Thanks!
Re: The 800lb gorilla in the room
Posted: Thu Sep 23, 2021 8:49 pm
by ftpjesus
Got a guy emailing me about this exploit earlier this week.. I told him I was curious since the developer had patched that capability out in 2020 with the signature file verification... crickets on a response still..
