SquawkWin: The Community's First Trojan Horse?

[Guest rcarlson123]

>Let me ask you a question in return? Are you happy with the SB>Relay, SB, AVC and the associated harangue to connect? That>PID/VID you have is just for this purpose to make your online>flying better!! or are you happy as an online flyer that the>community is becoming closed and proprietory by the day!!!Can you point to any examples of how VATSIM is becoming closed and proprietary?I don't see how you can make that accusation just because VATSIM declined to approve SquawkWin, after the developers tried to circumvent the VATSIM software approval process, collected private information, covered their mistake with lies and misdirection when caught, hid behind a veil of anonymity, and refused to submit to a code review.And then there's the fact that in the last year or so we've seen the introduction of AVC and ASRC, both improvements over the previous options.So, there must be some other reason you come to the conclusion that VATSIM is closed and proprietary. Can you shed some light on that?

[Guest Pittsburgh]

Very well spoken, Ross! I too am a developer professionally and I am inclined to say, even though it may be futile to keep the discussion going, that I could argue that the transmittal of passwords was an error had it been done in plain text. However, I would have a hard time arguing the case of the accidental encryption before transmittal -- you don't go out of your way to encrypt things (albeit a very simple and almost stupid encryption) unless you really want it.Pittsburgh

[Guest rcarlson123]

Yeah, I had that same thought ... the fact that they "encrypted" the information certainly makes it harder to call it just a simple mistake. However, they encrypted everything they sent back, not just the password, so I guess I can still believe that the password was included in the transmitted information by error of oversight. In other words, whoever wrote that code made a quick decision to simply include every field of the user's connection data, (name, CID, password, etc.) for the sake of completeness, but without considering the ramifications. Perhaps all of the information was included in case any one piece of it might be needed for statistics gathering at a later date.(Note that I don't wish to defend them ... in any case, the mistake was made, and their handling of the situation once the mistake became public, was poor, to say the least.)The fact that the personal information was encrypted doesn't really surprise me, since it's common practice to encode data that are sent as part of an HTTP query string (as is the case here) so that it doesn't show up in plain text in their web server logs and is somewhat more difficult to intercept via packet sniffers. So, in a way, the fact that it was (weakly) encrypted can be seen as a good thing. If it was ONLY the password that was encrypted, then it would be plainly obvious that they made a concious and deliberate decision to capture the password, and their motives would then be even more suspect.

[Guest gabrielef1]

That was a great piece of code breaking work. I feel like I was reading "Angels and Demons" by Brown (DaVinci Code author).Gabriel

[Jetstar2 1]

I normally don't add to posts like this but I thought I'd throw in my opinion for the heck of it. I really don't understand why some people are accusing the VATSIM and IVAO for being proprietary and closed minded about new software. I see it this way: these two organizations go out their way to provide us a FREE service! I was a network admin for awhile and I can assure you this service isn't a simple little task. The fact they provide it to us is a PRIVELEGE and I for one am grateful, as it adds a whole new life to MSFS. If either network feels that there is a security risk, then by all means they should have the right to deny a questionable piece of software like Squawkwin that can affect their hard work. I still recall the password fiasco with VATSIM because of some stupid hacker. I don't think VATSIM's anxiety over Squawkin is unfounded at all. My suggestion for the people who want to use Squawkwin at all costs for a "better" online experience: By all means start your own network! Then you can have a blast with whatever software that is released by whomever. I have feeling though, instead those same people would rather sit by and complain if the VATSIM or IVAO networks were brought down by some hacker. Ok, off the soap box :) Robert Williamson

[BladeLWS 0]

Hey guys, This may seem WAY WAY WAY out into right field, but I have a theroy on who The Sun Team is. He's acting AND speaking like Ferdy Serena, the pervious head of FSPlanet. Has anyone else noticed this?

[Guest rcarlson123]

My guess would be no, but that's based only on the fact that squawkwin.com is registered in France, and fsplanet.com is registered in the US. Both use completely separate hosting services. Who knows.

[Guest Madtrapper]

Hi fellow aviators: I have read this forum over and over,and still wonder how many of you actually downloaded this program?and where you really thought you could use it, without the network authorization for the proper Mp servers.....give me a break........thanks avsim for the heads up and to the those that have downloaded it,I guess you got caught in what you thought was the better mouse trap......trapper

[Guest]

Ferdi is Spanish, his domain is US registered and his hosting company is in Italy :)

[Guest glnflwrs]

My $.02. I've read many posts in this thread saying, "Carelessness is not maliciousness", or to that effect. Well, in strictly legal terms, carelessness, when causing harm or injury to others, IS malicious. It's called, "Criminal Negligence". If you have the knowledge and experience to produce computer code you then have the responsibility to insure that any code you produce is safe. If you, being an experienced coder, produce harmful software, you are legally responsible for the harm. These people are obviously programmers. They produced dangerous, potentially harmful software. They were maliciously negligent. They should have, and did know what they were doing. Their plea of innocence would be laughed at in a court of law, and they would go to jail if harm had been done. A mother leaves a 9 month old baby in a car in 101* weather. The baby dies. The mother cries and says she didn't mean it. I say, "Mom, you murdered your child." A programmer produces malicious, theiving code. His software's dangers are discovered. The coder claims, "I didn't mean it."I say, "Coder, you are a malicious, irresponsible piece of scum. You stole my password."Glenn Flowers

[Jetstar2 1]

>I say, "Coder, you are a malicious, irresponsible piece of scum. You stole my password." Hehe, well put :) Robert Williamson

[btacon 1,772]

Absolutely.bt

[Guest GCBarni]

Interesting that this topic hasn't come up to any great extent at Flightsim.com except for a half-dozen or so entries in the Multi Player Forum

[Guest ovavp]

>I dont know if I am the only person who feels this way, but I>am dying to use this program.>>I have never gotten SBRelay and SB 2 to work with FS2004, and>I want to get on VATSIM badly, I installed SquawkWin, it looks>like a great program, but I am too scared to connect, for fear>of being terminated.>>I could care less if The Sun Team knows my PID, as long as I>can fly on VATSIM again, and it seems like I have been waiting>for SB 3 forever, and there is still no beta out!>>I think VATSIM should allow virtual pilots like me to fly with>this software, cause I dont care is I have some spyware.>>Just my 2 centsEven if you get by with using it, you stand to lose your VATSIM membership. I have read many posts to this thread stating that there is no harm in The Sun Team having access to VATSIM ID's and passwords. I totally disagree.If The Sun Team wanted to, and since they refuse to identify themselves, I have no reason to believe they are above doing so, they could easily log onto the VATSIM network and wreak havoc. ALL UNDER A VATSIM ID THAT BELONGS TO SOMEONE ELSE!!!! They get back at VATSIM (and it seems they are quite hostile to both VATSIM and IVAO) and somebody else takes the fall.They're not getting my info, cuz I won't use that program. Besides, I don't know what OTHER info about me, they are collecting. Add to that the fact that it appears this software was put together quite hastily, I'll wait for SB3 thank you very much. Ever heard the saying "Haste makes waste?"OVAVP

[Guest vitalis]

Sir may i invite you to use the new network www.globalsim.orgi my self was and still member of vatsim and ivao, and now member of Globalsim, and i have to admit squawkwin is a great software.if you want to know or ask the history of it go to visit de maker of the software squawkwin at www.squawkwin.com.find out what is true... i didn't find trojan horsebest regards globalsimmer:)