DSI asks for password over live chat?

Quite a few of books ask for password over live chat, I'm pretty sure the BetPhoenix group does. Bodog will ask you for mothers maiden name even if it's just a general question.

I can't remember if this pertains to this particular book, but the problem is that these chats are not properly secured (https) channels of communication. What this means is that any unscrupulous bastard with the know-how can listen in to "the wire" (or the the wifi access point, as the case may be) and read every word that is typed in the chat.

I've always been amazed that these books are running wide open plain text chats and asking their players for private info.

Eavesdropping on your Internet communications and capturing passwords is easy to do - in fact, if you are on an unencrypted connection (as you are when chatting in these sportsbook's chats), and you are using a wifi access point, anyone with a laptop within a couple hundred feet of where you are sitting could be actively monitoring everything you do and say. (It should be noted that even if you have a direct wired connection to the Internet, it is still possible for someone down the line to listen in.)

This post is not fear mongering, it's real: interested people should google the software: Cain and Abel, Ettercap, and Wireshark for examples of these network intrusion tools.

Sometimes when I read about mysterious activity in player's accounts, such as money transferred from book to the book's casino and wasted away, or a mysterious book to book transfer or a transfer to another account, I don't really wonder how that could have happened. It's obvious how it could have happened - these books are simply too damn irresponsible to run secure chats and secure logins. And setting up https is not hard to do - I continue to be amazed (and saddened) by these books technology.

How? Never heard of this... honestly curious.

But regardless, thanks for the heads-up man! Rare to see lengthy, meaningful posts around here.

The links I posted above are to Wikipedia articles which go into more detail about some of the software used. I refer you to these articles and suggest googling terms such as "intercepting internet traffic", "password sniffing", "HTTP session hijacking", and "man in the middle attack" for more info.

I'm not going to pretend to be able to talk about this stuff in detail because I wouldn't feel comfortable talking about technical information without expertise, but basically, in the case of wifi access points, you can turn your computer's network card into an interceptor of packets (which are basic units of internet traffic and you can think of them as literally flying through the air from your laptop to the wifi router).

In the case of wired connections, some nosy bastard (or governmental agent, for that matter) could have direct access to a system that your traffic is passing through on its way to your sportsbook's server. Again, I refer others to research the above mentioned terms for more information.

thadchr, thanks for the points.

I'll add on one more point here: What I do to combat the inherent insecurity of the Internet is encrypt all of my traffic (using OpenVPN or SSH) and either immediately send it directly out of the country, or send it to my own personal dedicated VPS (virtual private server). This I believe solves the problem of unencrypted chats and logins and wifi access points and also lessens the chance of wired eavesdropping.

Plenty of good books do this, not a big deal.

I've always found this to be an unnecessary security risk, particularly when dealing with CRIS books. Pokerstars and Fulltilt wouldn't ask for your password unless you had problems with a bank wire or something of that nature.

One thing that DSI did that reeeaaallllyyy bugged me was when I was verifying my first deposit to my account over the phone, the employee had to do it and therefore had to enter my BkofAma security code password, which I begrudgingly ended up giving him (probably a pretty risky/stupid move on my part) but since I dont really ever have $ in my BofAmerica account I havent had problems or too many worries, but still.... not cool DSI

No big deal. Despite what tech geeks CAN do to steal your password I promise you, no one is listening in.

giving copies of drivers licenses and giving out passwords sucks. but unfortunately its part of the game with most sportsbooks

5Dimes asks for your password over email, which is really weird. Why don't these books set up some kind of "PIN" number or alternate password for verification purposes only?

This is common with many books. If it makes you feel uncomfortable, pick up your phone and give them a call instead.

pin @ bet365.com

I cant think of a book that doesnt ask for it over live chat... 5 dimes wont even tell you what time it is without your account # and password

5Dimes ask for it.

what !!!!!!!!!!!!!!!!! ???????????????????? !!!!!!!!!!!!!!!!!!!!!

If your just talking about the 3 digits on the back this is one thing, please tell me they just wanted that.

what's wromg for confirming your password

Naw, its a security measure that BkofAma uses for anytime you wanna buy (or in this case deposit) money with your card. After you use your card online, a picture will pop up (that is individual to your card) and they ask for a predetermined password specifically for use with the BofAmerica card. Yeah, it was probably retarded of me to give him this password, especially if he can see the rest of the card's info but, well, I'm an idiot like that I guess haha. So far no problems luckily.

I don't understand why they need your PASSWORD to confirm your identity. Banks in Canada I could provide things like DOB, full mailing address, and other security questions to verify my identity but they never ask for your password. It's against corporate policy.

I've thus far only really used matchbook and pinnacle and they've never asked for my password, thus why I was confused when DSI first asked. But since you guys say it's standard practice, well I guess I gotta use to it.

I've always found it funny, but some books train their CS to demand account # and password before they answer anything.

Usually my questions are general rules questions and not account specific, but they won't tell me anything if I don't give them my information.