finger for pubkey

CL Gilbert
Mon Jul 7 20:57:03 2003

John Clizbe wrote:
| CL Gilbert wrote:
|>I noticed that finger has a way for you to include your public key.  So
|>I am wondering what everyone thinks about the security of finger?  I am
|>thinking of opening my home linux box so people can finger my account to
|>get the info, and any other info I include.
|>There are no ports open on my firewall except ssh to my local Linux box.
|>And that is only open to certificates, so password cracking is not a
|>Any ideas on the security of this?
| finger's main problem is that it makes it easy for intruders to get a list
| of users on your system, which can dramatically increase the intruder's
| chances of breaking into your system. One would also scrub the files
| finger prints of any personal information not wanted to be disclosed.
| Finger's claim to infamy was one line of code exploited by Robert Morris
| in 1988's Internet Worm episode. It was a buffer overflow that caused
| fingerd to execute a shell.
| If you are running finger of this vintage, you probably have many more
| severe problems to worry about <G>.
| John P. Clizbe                   Inet:   JPClizbe AT attbi DOT com
| Golden Bear Networks             PGP/GPG KeyID: 0x608D2A10
|   "Most men take the straight and narrow. A few take the road less
| traveled.  I chose to cut through the woods."
|   "There is safety in Numbers... *VERY LARGE PRIME* Numbers
| 9:00PM Tonight on _REAL_IRONY_:  Vegetarian Man Eaten by Cannibals

Ahh forget it.  I guess opening 22 is as far as I am willing to go :)
Maybe I'll post .asc on my home website.

Now if would emerge from the attack I could get enigmail
going on my mozilla1.4 install and dump this 1.3...

Thank you,

CL Gilbert
Free Java interface to
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD  19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard
Pretty Good Privacy (PGP), Windows
users should try that.
