Ik kwam bij Coolinfo deze info tegen over een kever in Explorer 5: die laat je password in de status bar zien als je een file van een ftp site aan het downloaden bent. Zelf gebruik ik gelukkig geen IE, dus hier heb ik mooi geen last van :
BugNet, an online listing of security alerts, is warning Internet Explorer 5 users about a security hole that can lead to their user name and password being exposed when they access an FTP password-protected site.
The flaw reveals the information after users type a password to log on to an FTP site, then double-click on a file to download it, according to BugNet. During the download, the user name and password appear at the bottom of the screen as "ftp://UserNameassword@test.com/filename.txt," where test.com is the FTP site and filename.txt is the file being downloaded.
BugNet proposes that downloading larger files could expose the private information for long periods of time.
KeyLabs, an independent testing facility in Lindon, Utah, confirms the flaw, according to BugNet.
Microsoft says it is not aware of the problem but will look into the report, according to a company representative.
"If this issue does in fact pose a security risk to our customers, we will move quickly to provide them with a solution," the representative says.