This article was posted to the Usenet group alt.hackers in
1995; any technical information is probably outdated.
Parent Parent
Re: What is the problem with Finger?
Article: 7550 of alt.hackers From: gkb@aber.ac.uk (Gary Barnes) Newsgroups: alt.hackers Subject: Re: What is the problem with Finger? Date: 27 Mar 1995 11:58:00 +0100 Organization: Systems and Networking Section, Computer Unit, University of Wales, Aberystwyth Lines: 37 Approved: This time, forgot last time, DUH! Message-ID: 3l65no$4ng@osfb.aber.ac.uk NNTP-Posting-Host: osfb.aber.ac.uk Status: RO
In article <3l4s01$427@geraldo.cc.utexas.edu>, Ayman M. El-Khashab <ayman@ccwf.cc.utexas.edu> wrote: :-----BEGIN PGP SIGNED MESSAGE----- : :marlowe (marlowe@io.com) wrote: : :: : Finger was removed from the system by the administrators as a possible :: : security hole. : :: So, I'll bite. Does anyone know what the security hole is in finger? I :: can understand not wanting to have anyone be able to finger in, but why :: wouldn't the admins what me to finger out? : :By not allowing finger, nobody can see all of the users on the system. :But it is really a pain, if you want a public key or phone number or :something else. ObHack: Not being able to finger _OUT_ is very easy to get around: To finger a particular user: telnet machinename 79<CR> username<CR> To list users on a machine: telnet machinename 79<CR> <CR> Gaz -- /\./\ gkb@aber.ac.uk (Gary "Wolf" Barnes) ( - - ) "Sir, we just can't surrender, they... \ " / they do something very complicated" ~~~ - Kryten "The Smegups"
Parent Parent