A couple of posts have raised the issue of doing the FV keyboard-capture attack using Java. |However, I don't know much about Java, would it be possible to make such an |applet with Java? The only events a Java applet is privy to are those that are typed in an applet window (and only those it itself spawned). So if a user types their credit card number in an applet window, the applet could send the information back to its server (and to that server only). In theory, it is possible to make an applet which appears to be selling something, get people to visit the page it's on, convince these people to enter their credit card numbers, and send those back to the server of origin. Of course, once this happens, you always know what host the applet came from (unless the thief, in order to get a few credit card numbers, has hacked DNS so that it's harder to track it). That's the extent of the risk. -- Benjamin Renaud Java Products Group