At 10:30 AM 7/1/00 -0500, Jim Reimer wrote:
>Actually, it's college. Interesting that the sys admin has shut down finger
>on the machine with the student accounts, but not on the one with the faculty
>and lab asssistant accounts.
>
>In what way does finger pose a risk (to the system)?
Two that are immediately obvious.
1. It tells anyone who asks how recently ane account was used.
2. Depending on the specifics of the system, it can provide personal
information about the account holder, information that (often) helps in
password searches.
I'm not in the business (or hobby) of breaking into systems. Someone who is
could probably identify other vulnerabilities as well. (There was an actual
security hole in fingerd at one point, I seem to recall, but I expect that
was fixed long ago.)
--
------------------------------------"Never tell me the odds!"---
Ray Olszewski -- Han Solo
Palo Alto, CA [EMAIL PROTECTED]
----------------------------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.linux-learn.org/faqs
