COMMAND

    MS IE (Authenticated URLs)

SYSTEMS AFFECTED

    Those running MS IE 4.x and 5

PROBLEM

    Juan Carlos Garcia  Cuartango found following.   Whenever you  are
    visiting a WEB page  or reading an HTML  e-mail you can be  acting
    as an  involuntary hacker.   Microsoft Internet  Explorer 4  and 5
    can  silently  use  authenticated  URLs  (URLs  having  user   and
    password) without your consent.   In despite of security  settings
    about User authentication IE  will send these authenticated  URLs.
    This issue does not compromise  your computer nor your data,  what
    is at risk  is your reputation,  after reading an  e-mail or after
    visiting an innocent WEB  site you can be  accused as author of  a
    site attack.   Your IP will  be traced and  made responsible of  a
    hacking attack.  Distributed hacking attacks cal also be  designed
    via  spammed  e-mail.   An  e-mail  is  distributed to thousand of
    persons every one will  perform hundreds or thousands  of attempts
    to  find  a  user/password  giving  access  to  a  site, when this
    user/password is found It can be easily e-mailed to the  malicious
    attacker.

    Netcape Browser  is also  affected but  in this  case you  will at
    least be  warned when  the authenticated  URL has  been used,  the
    incorrect behavior is that you are warned after and not before  it
    has been sent.

SOLUTION

    Microsoft will fix the issue in the next IE release, the fix  will
    alert the user whenever an authenticated URL is used.