BetPhoenix and password security

flyingillini · 02-13-10, 02:38 AM

Originally posted by SpreadSniper

the whole ****ing place seems like a joke.... slapped together by some Costa Rican with a commodore 64.... have you got one of their calls regarding their awsome "reload bonuses"?? Get the rep to explain the ENTIRE reload bonus process to you... If he/she can tell you the entire thing without messing up, or confusing themselves then they should be a politician.

They called me today again and asked if I was going to be playing with them for March Madness. I tell them the same thing each time they call. I tell them I play with the best book in the business, Heritage. They offered me some hilarious bonus with a huge rollover and I tell them what I get, the guy on the other end of the phone always gets silent. I then proceed to hang up.

xsp123 · 02-13-10, 12:49 PM

Originally posted by skrtelfan

Hopefully starting a new thread will bring some attention to this matter, but if anyone wasn't aware, BetPhoenix actually puts your password in the URL when you log in, and it's saved in your browser history. From a security standpoint, this is terrible, and may well explain why several people seem to be having problems with the security of their BP accounts. Until they rectify this matter, if you use BP, make sure you clear your browser history very frequently.

as a backdoor, using http://bettor2.betphoenix.com/login.asp to login will solve the problem

though I agreed that BP should fix it in the home page.

wirehead · 02-13-10, 02:59 PM

Worse than you think.

The problem's actually worse than you think. They're not using https for logins, so the password in the URL is being passed in the clear. And from what I see, this problem affects both versions. For the new version, the URL is something like be.betphoenix.com/<method=login><your user name><your password>

Can someone tell me why the lines on the public website are 20c different than the lines I'm offered to bet once I login?

xsp123 · 02-13-10, 04:50 PM

BP is not alone

Originally posted by wirehead

The problem's actually worse than you think. They're not using https for logins, so the password in the URL is being passed in the clear.

I am not trying to defense for BP, but BP is not alone in not using https with POST. The Greek, ABCIslands, BetRoyal, Skybook ... and more are also using FORM POST without HTTPS. So, by using the link, BP may not be better, but is just at the same risk level like these A / B grade books. just my 2 cents.

HeeeHAWWWW · 02-13-10, 05:23 PM

Sticking it in the url is worse than not encrypting, because a) stays in your browser history, and b) easier for anyone monitoring (including viruses) to look for URLs with the phrase "password" in there.

I'm not using phoenix or any of their skins till they fix this. It's simply absurd.

RogueScholar · 02-13-10, 10:01 PM

Originally posted by wirehead

The problem's actually worse than you think. They're not using https for logins, so the password in the URL is being passed in the clear. And from what I see, this problem affects both versions. For the new version, the URL is something like be.betphoenix.com/<method=login><your user name><your password>

Can someone tell me why the lines on the public website are 20c different than the lines I'm offered to bet once I login?

So now they're using two linesets, like BetUS and Bodog? Talk about all the sparkle coming off this book in a hurry. When SBR first started pushing them on posters I thought this might be a high-quality out with a revolutionary business model. Now I'm under no such illusions. I echo the sentiment that SBR used to keep us "in the know" when it came to the business side of the industry but now leaves us in the lurch. It's disappointing to say the least.

Dark Horse · 02-14-10, 12:30 AM

They've always had two linesets. But it's determined by the user, not the book. If you want low juice you can have it, but not with a bonus. Although that can all be negotiated.

cap10 · 02-14-10, 02:27 AM

the carribean books are a joke with security compared to books in europe;; no feature to change passwords? bet365 had that 10 yrs ago;; i complained on here yrs ago but nobody seems to care ;;