KeyLabs Tests Confirm...
August 11, 1999
Internet Explorer 5 Displays
FTP User Names and Passwords
FORGET ABOUT the theoretical security holes in Internet Explorer 5 you've been reading about lately -- you know, the ones that have never caused anyone in the known universe any harm and probably never will because an army of ultra high-level hackers would be required to open the hole.
For a refreshing change of pace, here's one that bites Internet Explorer 5 users every time they access a password protected FTP site, revealing their User Name and Password. Best of all, no "malicious hackers" are required!
To expose yourself (or rather your User Name and Password), all you have to do is access a password protected FTP site. After typing your User Name and Password, you will be granted access to the site.
When you double-click a file to download it from the FTP site, a fascinating bit of information appears at the bottom of the screen. There your User Name and Password are displayed for all to see in the form ftp://UserName: Password@test.com/filename.txt, where test.com is
the FTP site and filename.txt is the file you're downloading.
In the above screenshot supplied by KeyLabs, the User Name was "BugNet," and the Password was "CanYouSeeMe."
Depending on the size of the file being downloaded, Internet Explorer 5 users could have their privates exposed to fellow workers, people wandering through the office, etc. for hours at a time.
Microsoft was not immediately available for comment.
bugnet.com
A great source for all sorts of computer bugs. |
