Hello. Thanks for the reply. The behaviour is not consistent - usually only the first login or sudo of the day or immediately after any password changes to a particular account. Even if I reboot the numlock stays on after previously flicking off that same day. Also, when I initially installed 13.1 using cd install the numlock light stayed on whenever entering a password (sudo, email login, etc.). But after I did all the upgrades to bring it up to current, the numlock started flicking off. When I re-installed 13.1 using web install the behaviour started immediately. And when I upgraded to 13.2 the behaviour continued. I really like OpenSUSE, but since I deal with infrastructure (potentially sensitive CAD) documents and information I can't take any chances. I used AVG free antivirus 2013, clamscan, rootkithunter, lynis, tcpdump (to trap any remote connections - apparently modern keyloggers have the ability to detect if an interface is being monitored and delay sending info), wireshark, host blacklists. I even tried changing all the pinentry routines to the latest versions and monitored all such using gdb - no catches at all. But the behaviour still continued. The only thing I did not do was install all the upgrades since the base installation packages one at a time to see which one made the difference, since there was no way to determine if various avoidance strategies were being used, which is what a smart attacker would do. By the way, since the brakes on my car have released suddenly while stopped at an intersection I am assuming these guys are serious. Also, the cars in front of me have had their brakes deploy suddenly for no reason, while the car beside me slowed down with me (blocking me in), requiring emergency braking on my part - again, these guys are serious. The problems with man-in-the-middle attacks are ongoing - some days logging in to hot/g mail with the wrong username works, some times it doesn't. Constant vigilance, etc. Dean Makowecky --