finger for pugkey
Mon Jul 7 20:57:03 2003
-----BEGIN PGP SIGNED MESSAGE-----
John Clizbe wrote:
| CL Gilbert wrote:
|>I noticed that finger has a way for you to include your public key. So
|>I am wondering what everyone thinks about the security of finger? I am
|>thinking of opening my home linux box so people can finger my account to
|>get the info, and any other info I include.
|>Their are no ports open on my firewall except ssh to my local Linux box.
|>~ And that is only open to certificates, so password cracking is not a
|>Any ideas on the security of this?
| finger's main problem is that it makes it easy for intruders to get a list
| of users on your system, which can dramatically increase the intruder's
| chances of breaking into your system. One would also scrub the files
| finger prints of any personal information not wanted to be disclosed.
| Finger's claim to infamy was one line of code exploited by Robert Morris
| in 1988's Internet Worm episode. It was a buffer overflow that caused
| fingerd to execute a shell.
| If you are running finger of this vintage, you probably have many more
| severe problems to worry about <G>.
| John P. Clizbe Inet: JPClizbe AT attbi DOT com
| Golden Bear Networks PGP/GPG KeyID: 0x608D2A10
| "Most men take the straight and narrow. A few take the road less
| traveled. I chose to cut through the woods."
| "There is safety in Numbers... *VERY LARGE PRIME* Numbers
| 9:00PM Tonight on _REAL_IRONY_: Vegetarian Man Eaten by Cannibals
Ahh forget it. I guess opening 22 is as far as I am willing to go :)
Maybe Ill post .asc on my home website.
Now if mozdev.org would emerge from the attack I could get enigmail
going on my mozilla1.4 install and dump this 1.3...
Gnupg-users mailing list
Free Java interface to Freechess.org
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16
GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org
Pretty Good Privacy (PGP) http://web.mit.edu/network/pgp.html, windows
users should try that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----