Ok, im sure that Trillain users are aware that their password is located in a file in their trillain user/global folder called profile.ini and it is hexed or encrypted...

now what if I copy the hexed value of my password and replaced someone else's hexed value password with mine.. does that mean i can open trillian by using my password?? would that over-write his/her password with mine??

coz it says in the ini file..

Password: 6H433B9021

translated: 6H 43 3B 90 21

get me?

when i think about it.. .is it the password for access to trillian, or the networks you connect to?

It should sonic. I have had programs that store the password in plaintext in an ini file. Just to mess with the end user, I have changed the text, and it changes their password. They try for all sorts of time trying to figure out why there password isn't working, before they call me to fix it. So if it works with plain text, it should work with ciphertext also.

I don't know if this works for trillian - but personally, I would prevent that kind of password-swapping by using something computer-specific in the enoding of the password, like the date the file was made or something.