February 22, 2013 at 8:15 am #645
Thanks for sending me the file. I’ve been looking at that code you sent me and it isÂ definitelyÂ a back-door (that does not mean that it is bad),Â back-doors can be very useful andÂ it’s pretty obvious that they intend to use it to help you. My worry is that their code could be vulnerable to exploitation. I can tell you that they have made many good attempts to secure and limit the use of this file to them alone. So, if you trust them, then it is probably fine to continue using this service. However “probably” is not good enough for me to white-list this back-door (I feel I have labeled it correctly and people should know what they have on their server).
The potential for this code to be exploited is notÂ erasedÂ in my mind. I will be testing this file even more thoroughly against specific attacks and may yetÂ decideÂ to while-list or at least downgrade it in the future if I find it to be completely safe.
Thanks again for your help in this matter and please let me know if there is anything else I can do.