Flashget 0.9 - 1.2 Local DialUp Password Hi-Jacking *************************************************** Discovered by Rafel Ivgi, The-Insider. http://theinsider.deep-ice.com (This Is My First Advisory!) Whenever a user sets flashget to dial-up to the internet he types his username & password. This sensitive data is being saved at the registery without no encryption!. It saved as hex data at the following location. [HKEY_USERS\.DEFAULT\Software\JetCar\JetCar\DialUp] "Entry"="<connection name>" "UserName"="<dialup username>" "Password"=hex:'<dialup password'<
