I have recently found a bug in the Trillian messager program. When you check your email, your username and password are transfered in cleartext. For example, if I want to check hotmail:

https://loginnet.passport.com/cgi-bi...wd=my_password

Where my_username and my_password are usernames and passwords respectively This vulnerability would be great for packet sniffing, either local to the computer or on the network.

-Lone1337