Greetings, Sorry if I'm late to this subject, but I had a light bulb go off recently WRT X keyboard sniffing and I was hoping one of you might be able to help. I've known about 'xkey' and the like for several years now, and have a pretty good understanding of host vs. user based authentication as it relates to the X server. I had believed that X keyboard sniffing was made slightly harder by the obscurity of programs like 'xkey'. But to my amazement, I found that the standard 'X11/bin' programs 'xwininfo' and 'xev' can be used to sniff keystrokes, assuming that one can connect to the X server. All I have to do is 'xwininfo -root -tree -display <host>:<dpy>' and look for the window id of the window I'm interested in. Then I just 'xev -id <id>' and I'm watching keystrokes. I have a pretty clear notion that X isn't secure, and being able to connect to the X server is a big can of worms, but I never realized that standard tools could be used this way. "doctor, it hurts when I do that" doctor: "so don't do that"... So protect the X server... Maybe don't use X, but that's real convenient. But is there anything else I can do, short of removing 'xev' that would make sense? Even if I remove it, someone else can build one. So is there anything I can do? Thanks. Paul Howell Computer Aided Engineering Network, The University of Michigan 2121 Bonisteel Drive voice: (313)936-2486 Ann Arbor, MI 48109-2092 fax: (313)936-3107