No subject

Bret Busby
.........................


 KeyLabs Tests Confirm...

 Internet Explorer 5 Displays
 FTP User Names and Passwords

 FORGET ABOUT the theoretical security holes in Internet Explorer 5 you've been
reading
 about lately -- you know, the ones that have never caused anyone in the known
universe
 any harm and probably never will because an army of ultra high-level hackers
would be
 required to open the hole.

 For a refreshing change of
 pace, here's one that bites
 Internet Explorer 5 users every time they access a password protected FTP site,
revealing
 their User Name and Password. Best of all, no "malicious hackers" are required! 

 To expose yourself (or rather your User Name and Password), all you have to do
is access a
 password protected FTP site. After typing your User Name and Password, you will
be granted
 access to the site. 

 When you double-click a file to download it from the FTP site, a fascinating
bit of information
 appears at the bottom of the screen. There your User Name and Password are
displayed for
 all to see in the form ftp://UserName: Password at test.com/filename.txt, where
test.com is the
 FTP site and filename.txt is the file you're downloading.

 In the above screenshot supplied by KeyLabs, the User Name was "BugNet," and
the
 Password was "CanYouSeeMe."

 Depending on the size of the file being downloaded, Internet Explorer 5 users
could have their
 privates exposed to fellow workers, people wandering through the office, etc.
for hours at a
 time.

 Microsoft was not immediately available for comment.

                                                                        -- Bruce
Brown