If you use Microsoft Internet Explorer, your privacy is at risk. This new discovery is part of the bug found in MsIE a few weeks ago, but neither Microsoft nor the major computer news sources have reported on it.

All a hacker has to do is upload a batch file (.BAT) to all 4 of Internet Explorer's file caches. Doing that is simple, just imbed the file in a web document <IMG SRC=hacker.bat HEIGHT=1 WIDTH=1> four times. Since Explorer doesn't rename files in the cache, it will still be hacker.bat in all 4 caches. Then have a link to that file in the cache <A HREF="c:\windows\temporary internet files\cache3\hacker.bat">Here's a Link!</A>. When the user clicks that link and the batch file executes, it creates a text file on the hard disk with some FTP commands on it. Then the batch runs FTP.EXE which uses the text file as instructions to upload any file on the user's hard disk to an FTP of the hacker's choice.

The only limitation of this is knowing the exact name and location of the file. Since most people use the default directories, knowing the location and name of a file is no problem. It's painfully simple to get high-security files and private information from someone's pc. C:\Quicken\Quicken.ini, for example, has unencrypted credit card and bank account numbers. All the user sees is Here's a Link! , the rest is done silently behind the scenes of his computer.

Microsoft has known about this problem since mid-March, and so far no mention has been made of it. Internet Explorer 3.02 fixes this problem, just like the other known security problems, but since Ms hasn't told anyone about this noone realizes how important it is to get 3.02. One reason they haven't told anyone about it is probably Internet Explorer version 4 that Windows 98 (or Memphis) will be built around. Microsoft knows that if people are worried about their files, then they'll be more reluctant about buying that next operating system.

Microsoft makes about half of its profits from operating systems, if computer users didn't buy the OSes then Microsoft would be deeply hurt. Not telling consumers about this serious security problem is just another way to keep that MSFT stock price up. Your privacy is being threatened in order for Microsoft to keep making money.

What can you do to protect yourself from this major bug? Well, MsIE version 3.02 makes it a little harder for this to happen, but who knows what other unknown bugs are in 3.02? Netscape Navagator users are much, much safer, despite a few flaws with that browser. Another way to lower your risk is by not using the default directories; put Quicken in C:/Kwicken, for example.

This is just another in a long line of incidents that shows Microsoft would rather jeopardize your safety and privacy than loose money. But, if you're smart, if you pay attention, and if you try to avoid Microsoft's bugware, your files and your privacy will be safe.