From: Kirk Strauser
Date: 21 Nov 2002 22:36:18 -0600
To: freebsd-questions@freebsd.org
Subject: Re: enabling finger - why not?
Message-ID: <87el9erzjx.fsf@pooh.lan.honeypot.net>
In-Reply-To: <20021121191500.Q5341-100000@boris.st.hmc.edu>

At 2002-11-22T03:18:29Z, Jeff Jirsa writes:

> Finger is relatively safe. Most of the arguments for not allowing it
> involve privacy rather than security (I don't really like people knowing
> when I log in and out, if they need to bother me, there are better ways to
> track me down).

Well, privacy and security are almost directly related in this case. finger
gives a nice route for would-be attackers to get a list of usernames from
the system in that it's a pretty quick way to do a dictionary attack of
names against a server.
--
Kirk Strauser
In Googlis non est, ergo non est.
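
Added example (not part of the original message): one way to spot, from the defender's side, the name-guessing pattern described above, by counting how many distinct usernames each source asks fingerd about and how many of them do not exist. The log line shape, the sample lines, the user list and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# ASSUMED log shape (constructed for this example; adjust to your syslog output):
#   <timestamp> <host> fingerd[<pid>]: query from <source>: `<name>'
QUERY_RE = re.compile(r"fingerd\[\d+\]: query from (?P<src>\S+): `(?P<name>[^']*)'")

# Constructed sample data: documentation-range addresses, made-up accounts.
LOCAL_USERS = {"alice", "bob"}
SAMPLE_LOG = """\
Nov 21 22:30:01 host fingerd[411]: query from 192.0.2.10: `alice'
Nov 21 22:30:40 host fingerd[412]: query from 192.0.2.10: `bob'
Nov 21 22:31:07 host fingerd[415]: query from 198.51.100.7: `admin'
Nov 21 22:31:07 host fingerd[416]: query from 198.51.100.7: `test'
Nov 21 22:31:08 host fingerd[417]: query from 198.51.100.7: `guest'
Nov 21 22:31:08 host fingerd[418]: query from 198.51.100.7: `oracle'
Nov 21 22:31:09 host fingerd[419]: query from 198.51.100.7: `bob'
Nov 21 22:31:09 host fingerd[420]: query from 198.51.100.7: `backup'
Nov 21 22:35:12 host fingerd[431]: query from 192.0.2.10: `alice'
"""

def find_enumerators(lines, local_users, min_names=5, min_miss_ratio=0.8):
    """Return {source: sorted nonexistent names} for sources that asked about
    many distinct names, most of which are not accounts on this host."""
    names_by_src = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if m is None:
            continue  # not a fingerd query line
        name = m.group("name").strip().lower()
        if name:  # an empty query asks for the logged-in list, not a name
            names_by_src[m.group("src")].add(name)
    flagged = {}
    for src, names in names_by_src.items():
        misses = sorted(n for n in names if n not in local_users)
        # Many distinct names plus a high miss rate looks like a word list,
        # not someone looking up a colleague.
        if len(names) >= min_names and len(misses) / len(names) >= min_miss_ratio:
            flagged[src] = misses
    return flagged

if __name__ == "__main__":
    for src, guesses in find_enumerators(SAMPLE_LOG.splitlines(), LOCAL_USERS).items():
        print(f"{src}: {len(guesses)} nonexistent names queried: {', '.join(guesses)}")
```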