> In this specific case, the perps broke into the name server at the ISP >
Well, they could have actually also hacked the web server itself and stolen the cert. Usually certs are put up without the private key, so you can start the httpd without the passphrase question. So, there wouldn't have been any hurdle to just use it on the fake server as well. Kai -- Kai Sch�tzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ClubWin - Help for Windows Users: http://www.clubwin.com
