Date: 21 Nov 2002 22:36:18 -0600 From: Kirk Strauser <kirk@strauser.com> To: freebsd-questions@freebsd.org Subject: Re: enabling finger - why not? Message-ID: <87el9erzjx.fsf@pooh.lan.honeypot.net> In-Reply-To: <20021121191500.Q5341-100000@boris.st.hmc.edu> References: <20021121191500.Q5341-100000@boris.st.hmc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
At 2002-11-22T03:18:29Z, Jeff Jirsa <jeff@unixconsults.com> writes: > Finger is relatively safe. Most of the arguments for not allowing it > involve privacy rather than security (I don't really like people knowing > when I log in and out, if they need to bother me, there are better ways to > track me down). Well, privacy and security are almost directly related in this case. finger gives a nice route for would-be attackers to get a list of usernames from the system in that it's a pretty quick way to do a dictionary attack of names against a server. -- Kirk Strauser In Googlis non est, ergo non est. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?87el9erzjx.fsf>