finger for pugkey

CL Gilbert Lamont_Gilbert@RigidSoftware.com
Mon Jul 7 20:57:03 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Clizbe wrote:
| CL Gilbert wrote:
|
|
|>I noticed that finger has a way for you to include your public key.  So
|>I am wondering what everyone thinks about the security of finger?  I am
|>thinking of opening my home linux box so people can finger my account to
|>get the info, and any other info I include.
|>
|>Their are no ports open on my firewall except ssh to my local Linux box.
|>~ And that is only open to certificates, so password cracking is not a
|>possibility.
|>
|>Any ideas on the security of this?
|>
|
| finger's main problem is that it makes it easy for intruders to get a list
| of users on your system, which can dramatically increase the intruder's
| chances of breaking into your system. One would also scrub the files
| finger prints of any personal information not wanted to be disclosed.
|
| Finger's claim to infamy was one line of code exploited by Robert Morris
| in 1988's Internet Worm episode. It was a buffer overflow that caused
| fingerd to execute a shell.
|
| If you are running finger of this vintage, you probably have many more
| severe problems to worry about <G>.
|
| --
| John P. Clizbe                   Inet:   JPClizbe AT attbi DOT com
| Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
|   "Most men take the straight and narrow. A few take the road less
| traveled.  I chose to cut through the woods."
|   "There is safety in Numbers... *VERY LARGE PRIME* Numbers
| 9:00PM Tonight on _REAL_IRONY_:  Vegetarian Man Eaten by Cannibals

Ahh forget it.  I guess opening 22 is as far as I am willing to go :)
Maybe Ill post .asc on my home website.

Now if mozdev.org would emerge from the attack I could get enigmail
going on my mozilla1.4 install and dump this 1.3...


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users



- --
Thank you,


CL Gilbert
Free Java interface to Freechess.org
http://www.rigidsoftware.com/Chess/chess.html
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD  19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org
Pretty Good Privacy (PGP) http://web.mit.edu/network/pgp.html, windows
users should try that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/CcLRVbJM14DSCi0RAin1AKDNjp9lN7KibS0KiIPrwP94CPvBmgCcD6DD
GnpK0HBf4zDqrtp5ZlWiy+0=
=7bBA
-----END PGP SIGNATURE-----