I know for a fact Badspot would cringe at the security implications of such a remote console feature.
yeah. i only heard of it once, from an alleged use on some guys server where he apparently fortunately had wireshark running? never even saw the pcap myself, probably fake claim anyway
however, supposing the system had a check mechanism (master server like authenticating a key) for authentication so only badspot himself could use it, was totally undocumented, and was impossible to find unless you were there logging packets when it was used, it would still be secure, right? the only way it could be compromised is if someone had a MITM attack on the server to spoof the auth check and they knew the precise data to send, right? maybe a kind of a one-time-password implementation like two-factor auth like with google and facebook, seeded by a blockland auth key...? I don't know. I feel like it isn't actually a big risk - if the attacker has enough leverage over the victim to compromise this system, they might as well just pwn the victim through 'normal' means.
Wait seriously.
Dude, he's I.
Yeah, after that stunt I kinda dropped off the forums for a few months, then reregistered with all new information and obviously never did that again.
wtf i don't even
nice job remaining incognito
Wtf seriously? I never knew you went by anything other than DrenDran.
guess his attempt at going under the radar worked flawlessly
so you don't think he would add something like that?
if any user could execute arbitrary strings via
eval on any server as soon as some forgettard decides to run wireshark at just the wrong time (when badspot is using his secret eval backdoor), they could figure out the syntax giving them complete control over every blockland server ever, that would be a
pretty loving major security risk. badspot isn't that stupid.
of course, simple authentication would mitigate that risk
