Kenneth Porter said: >If you know how the password is stored, you don't even need to launch >Outlook to actually connect to the ISP server. The same vulnerability would
>also work with Thunderbird; you'd just need to know how to extract the >saved password from the Mozilla profile. Even though that may be correct in theory, isn't there one-way encryption involved for these passwords? (you know, the kind which can't be retrieved by anyone, only reset). But even if that is not the case, regular strong encryption ought to be enough. Also, is there a virus, worm, or other exploit in existence which has been able to do this? Rob McEwen
