Skip to main content

One post tagged with "rsi-betrivers-nj"

View All Tags
MissedRemote access★ Pinned

XPoint / RSI BetRivers NJ: Tailscale RDP fails detection in most cases, bypass-by-logout

XpointRushStreet Interactive (BetRivers)
xpointrsi-betrivers-njrdptailscaleciV-73

Source. May 19, 2026 weekly sync.
Ticket. CIV-73: BetRivers NJ — RDP via macOS.

What we tested

Remote desktop access against the RSI BetRivers New Jersey XPoint deployment, driven from macOS via Tailscale. Two distinct attack methods were exercised:

  1. Brief one-time approval — first-touch remote-session setup requires a single approval prompt at the controlled device.
  2. Fully unattended — no prompt, no human interaction required at the controlled device after initial enrolment.

What happened

  • Most cases: not detected. XPoint failed to flag Tailscale-based remote access in the majority of runs, allowing bets to be placed from a physically separate location.
  • When detection did trigger: inconsistent and trivially bypassable. Detection events did not persist — logging out and back in cleared the restriction and the session continued.
  • Both attack methods confirmed. Both the one-time-approval path and the fully-unattended path placed bets successfully.

Why it matters

This is the second cross-state confirmation of XPoint's RDP detection gap, alongside the FaceTime RDP failure at RSI Delaware (Apr 7). The gap is structural, not state-specific — RSI deployments in multiple states (AZ, DE, NJ) all show the same pattern.

Combined with the Bet365 NJ Tailscale + RealVNC bypass on Radar this week, both challenger providers running NJ sportsbooks are blind to Tailscale- driven remote sessions.

Cross-reference

XPoint profile → · May 19 weekly sync →