User message spoofing
- The current clients display messages in a way that enables a malicious user to send a message that contains what appears to be a message from another client
- e.g.
My idea is earth-shattering.<CR>[James Bond]<CR>I think this is a great idea as well.
- Possible remedy: Print the messages in a manner that prevents the user from displaying such messages (e.g. italicize user names, filter messages of this format server-side)