The breach was uncovered by ZDNet's AnchorDesk Technical Director Jon DeKeles and confirmed by Microsoft. DeKeles says your Web surfing is easily exposed if you browse with IE 5 on a Windows 98 platform.
How it works:
You legitimately go to a secure Web site, giving your login and password. You cruise the site. The pages you visit are stored in your cache. You log off and leave your computer thinking you're safe. But you're not. The next person who sits at your machine can easily return to those sites. When prompted for your password, the snoop merely presses "cancel," the "back" button, the "forward" button, and presto -- he can go wherever you've been online.
DeKeles says the Web site must be using Unix' "htaccess".
DeKeles consulted with other ZDNet technical experts Monday to confirm the security breach. Mike Nichols, Microsoft's US Product Manager for Windows, confirmed the problem.
Microsoft does not yet have a fix, and is investigating whether it affects IE 5 on Windows NT.
A quick fix: Clear your cache whenever you leave your machine.