is possible -- If I can write to your /etc/hosts file it is possible -- to pretend to be you in terms of OpenID Authentication, the openID equivalent of modifying a target's getty or sshd binary to collect credentials. That certainly isn't anything to catastrophize about in my opinion. -- The Country Of The Blind, by H.G. Wells http://cronos.advenge.com/pc/Wells/p528.html