Don't know how many of you read Schneier's blog but this is interesting http://www.schneier.com/blog/archives/2007/08/how_a_linux_ser.html Partly for the story itself and partly for the comments which basically come to the conclusion that the forensic job was sloppy but the attacker seemed to be even more sloppy. R