13:12 < erik_> deen online?
13:17 <@deen> ?
13:17 < erik_> darf ich dich nerven/fragen
13:18 <@deen> ?
18:36 < EastBite> deen: the timeout code is only generated once isn't it?
18:39 <@deen> yes
18:40 < EastBite> so theoretically you can collect timeout codes using your own server, attack players internet connection and hijack the session
18:40 <@deen> yes
18:41 <@deen> It was supposed to be a quick fix for the timeouts for the tournament yesterday
18:41 <@deen> but that got fucked up anyway
18:41 < EastBite> ah
18:41 < EastBite> and still you solved one of the biggest problems in teeworlds :P
18:43 <@deen> for a proper solution you would need some signing stuff
18:43 <@deen> so the server can send you a message and you sign it and send it back instead of giving away your code
18:43 <@deen> or accounts of course
18:43 < EastBite> would apply to the rcon password aswell
18:44 <@deen> I'm quite often on other people's servers and press my rcon password bind by accident^^
18:44 < EastBite> hehe
18:45 < EastBite> there have been many successful phishing attacks because of this
18:45 <@deen> oh, really?
18:45 <@deen> haven't had a problem on ddnet yet
18:46 < EastBite> the servers of teevision for example
18:46 < EastBite> the rcon pw got public recently
18:46 < EastBite> because one of my friend did some phishing
18:47 < EastBite> hmm some signing stuff would be cool
18:47 < EastBite> a certificate for every player
22:47  * Rashu slaps deen around a bit with a large fishbot
22:50 <@deen> hi