Side-band attack tips virtual Blackjack dealer's hand

Here's a fascinating account of a "side-band" attack on online Blackjack. At a certain point in the gameplay, the software dealer appeared to need substantially more calculations if there was a ten in the dealer's hole than if there wasn't. Players who timed the pause could therefore get a partial peek at the dealer's cards and so gain an edge over the house.

In Poker, this is called a "tell" — the propensity of a player with junk to mop his brow, or of a player to unconsciously tap his foot when he's bluffing. Computers are generally considered not to have tells, because they're not sentient and hence not prone to subconscious fidgeting, but computer tells do arise in those situations where they are doing something computationally intensive.

The code itself may have been completely correct in the sense that it did what it was supposed to do. It was the amount of time the code needed to execute that ended up being the tell. It is no different from a poker player twitching when holding a great hand.

The fix may have been to change the execution profile of the code so that it made the same pause no matter what was in the hole. Talk about a challenge for game developers. Not only does the code need to be bug-free in syntax and semantics, but they now need to worry about the execution profile for their games.
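To make that fix concrete, here is an added sketch (not code from the original account or from any real casino software) of a dealer step whose work depends on the hole card, next to one that does the same work every time and releases its answer on a fixed deadline. All function names, the 1000-unit work loop and the 50 ms budget are assumptions chosen for illustration; work is counted rather than timed so the difference is reproducible.

```python
import time

TEN_VALUED = {"10", "J", "Q", "K"}  # ranks that count as ten

def evaluate_hand(up_card, hole_card, work):
    """Constructed stand-in for the dealer's costly calculation."""
    for _ in range(1000):
        work[0] += 1                      # count units of work instead of timing
    return up_card == "A" and hole_card in TEN_VALUED

def leaky_step(up_card, hole_card):
    """Extra work only when a ten is in the hole: the pause is the tell."""
    work = [0]
    blackjack = False
    if hole_card in TEN_VALUED:           # secret-dependent branch
        blackjack = evaluate_hand(up_card, hole_card, work)
    return blackjack, work[0]

def uniform_step(up_card, hole_card):
    """Same work for every hole card; only the result differs."""
    work = [0]
    blackjack = evaluate_hand(up_card, hole_card, work)
    return blackjack, work[0]

def respond_on_deadline(step, up_card, hole_card, budget_s=0.05,
                        clock=time.monotonic, sleep=time.sleep):
    """Release the answer only once a fixed budget has elapsed.

    Returns (blackjack, overran). An overrun means the budget is below
    the worst case and the response time leaks again, so it is reported.
    """
    start = clock()
    blackjack, _ = step(up_card, hole_card)
    remaining = budget_s - (clock() - start)
    if remaining > 0:
        sleep(remaining)
    return blackjack, remaining < 0

if __name__ == "__main__":
    for hole in ("K", "7"):
        print(hole, "leaky work:", leaky_step("A", hole)[1],
              "uniform work:", uniform_step("A", hole)[1])
```

The deadline wrapper only hides the difference while the budget stays above the slowest path, which is why it reports overruns instead of silently returning late.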

(Thanks, Haaked!)