1. 6
  1.  

  2. 4

    Full paper here: https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final218.pdf

    I really like this research. It reminds me of a 1999 study from Cigital, where they were able to uncover their opponents' poker hands on PlanetPoker. How did they do it? PlanetPoker re-initialized their PRNG before every hand using the the system clock time. After playing a couple hands of poker, and guessing approximately what time it is on their server, you could backtrack the possible poker hands to determine the exact time on their server —– syncing up your clocks. Then, whenever you were dealt a new hand you could very quickly reverse it to see what PRNG seed was used to generate that hand. From there you could shuffle the deck yourself and then see your opponents cards.

    http://www.cigital.com/papers/download/developer_gambling.php http://bluffnakedpoker.com/PDF/developer_gambling.pdf