The way Dave Thomas describes it, he and his staff were trying to track down a series of unusual bugs in Windows, when they stumbled across something that really worried them. There, on their screens along with the code they were debugging, was the name and password they'd just used for Microsoft's Passport service. Worse, it was in plain text, and readily accessible. As he looked more deeply, he realized that creating a worm that could recover that information would be, in his words, "trivial." Thomas, who is CTO of the Oregon-based software quality assurance company, Bugtoaster, says that he wasn't really trying to get into the security business, but that this was something too obvious to let pass. It was also too important. Thanks again to Louis Green for this shocking revelation, you can find out more about M$ passport service in the Offical Microsoft Whitepaper.