ADW Security - Horse Racing Forum - PaceAdvantage.Com

OverlayHunter · 06-15-2023, 11:57 AM

It never occurred to me until today that none of the 3 ADW's I use have anything in their URL's indicating that their sites are secure. I don't know much about web security but, for example, Chase has a URL that starts with
secure08ea and another I'm familiar with is https.

Are those levels of security not necessary or are we being placed at risk in some way?

DanBoals · 06-15-2023, 05:25 PM

Without knowing which ADWs, my guess is that they have something in the terms of service that says if you use their software you are automatically agreeing to everything they say and that if there are any problems you agree not to hold them liable in any way. This means there is basically no risk for them, and you assume all the risk.

I live in Nevada, so I can no longer use TwinSpires. I used YouBet for years, then TwinSpires for years and never had a problem with either. Now I live in Nevada, I am barred by Nevada law from using anything but a Nevada casino app. I used Atlantis app up until 2 weeks ago. It is programmed by something called MiOMNi and it is really bad and getting worse. Seems like that happens a lot when there is no competition. Same deal, when it has errors, I can and have taken screen shots to show Atlantis, but they say I agreed they were not responsible when I used their app.

With almost ANY software these days, this kind of End User License Agreement and Terms of Service situation is going to give you all the risks and no rights. As long as there is no competitor that gives you rights, what are you going to do?

DanBoals · 06-15-2023, 05:30 PM

If you are talking about risk of someone snatching your password, there is a program called WireShark.

There are a ton of videos on YouTube to tell you how to run it.

Using WireShark you can see all the traffic on your network. When you log on to the website, you can see whether your password is going in the open or is encrypted. My guess is there is some encryption in the software interface you are using, but WireShark would show you your password if it were being sent in the clear.

OverlayHunter · 06-15-2023, 08:25 PM

Dan, thank you for the very helpful insights. My fear is that someone may steal my password, change the address and empty my account.

Gorrex · 06-16-2023, 09:28 AM

A few things here.

1. Having "secure" in the name/URL does nothing, its really just a mind trick. Our URL used to be secure.amwager.com. It was no more or less secure than the current one pro.amwager.com. (we changed when we ran both the old UI and new one at the same time.

2. What matters is the certificate and that the site is HTTPS enabled. As far as I'm aware all ADWs are and all of them forcefully redirect you to the secure URL if you try to use standard HTTP. You can tell this if you see the lock icon near the URL (in most browsers). And also most browsers will alert to you "Not Secure" if your on standard HTTP.

3. The URL /server being secure is only the first step. You should also care about how your personal and financial information is secured. Any personal information should be encrypted in transit and in the storage. Any password should be one way hashed so that even the ADW provider cannot read it. We do and I hope everyone does. We also enable encryption at rest, encryption between all of our own servers, encrypted connections from us to our tote provider, firewalls, OWASP etc..

Finally, even though not required in our industry we do periodic penetration testing against our software/products. If your not aware of what that is, basically we pay a company to try to hack us and they let us know of anything they find that could be an issue. I'm not sure but I'm guessing most of the ADWs do this.

I'm not saying we are perfect, true security on the web is a very complex, very intricate thing and its always evolving. It's quite literally an ongoing war with new weapons and shields every day.

OverlayHunter · 06-16-2023, 09:41 AM

Gorrex, thank you for the very detailed and helpful explanation. I knew internet security wasn't easy and what you shared tells me it is far more complex than I imagined. FWIW, Amwager is one of the ADW's I use and I'll now use it with more confidence.

BettinBilly · 06-24-2023, 07:57 AM

Good thread. After my Google-stored passwords became compromised from a 3rd party application, I had some issues with all of my online accounts, and it took a few days to clear everything up. Since then I have been keen on keeping my online security "secure". But there is only so much you can do. Hackers are clever, and they never stop hacking.

What I have done is scale back on many online accounts. I used to have three ADW accounts, now I only have one. I change the password frequently and do not keep a record of it in Google or Apple's cloud password wallet. Same with my bank, investment accounts, and any other online account that requres a password. My passwords are different for each account, they are written down via old-school paper and pen, and they are changed often.

Publius · 06-26-2023, 07:35 PM

If you can open a NYRABETS account do yourself a favor and open one.

They have promotions and give away money if you hit the opt in of the day.
It's safe and effective.

titans1127 · 06-29-2023, 06:16 PM

Quote:

Originally Posted by Publius

If you can open a NYRABETS account do yourself a favor and open one.

They have promotions and give away money if you hit the opt in of the day.
It's safe and effective.

Pretty much the only thing stopping me from using NYRA Bets exclusively is they don’t allow NY residents to watch and wager on non-NY harness tracks. Must be some antiquated rule or something like that.