http://www.zdnet.com:80/intweek/daily/970327x.html has an article about an SSL problem that affects both Netscape and MicrosoftIE browsers, leaking "secure" data such as credit card numbers from web pages with GET-based SSL forms on it. It was discovered by Dan Klein. There isn't specific detail about how the flaw works, but it says that it affects GET forms but not POST. Commentary from NS, MS, Gene Spafford, and Steve Bellovin. "It's like you've gone to the restaurant with your lover," Klein said. "The restaurant is there, it's private, yet when you leave the restaurant you have the menu in your hand and there's food all over your shirt." # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list, please Cc: me on replies. Thanks.)