This article was posted to the Usenet group alt.hackers in
1995; any technical information is probably outdated.
Parent
Re: What is the problem with Finger?
Article: 7546 of alt.hackers From: so@eiffel.cse.psu.edu (Nicol C So) Newsgroups: alt.hackers Subject: Re: What is the problem with Finger? Date: 27 Mar 1995 01:58:36 GMT Organization: Computer Science and Engineering, Penn State University Lines: 14 Approved: news@cse.psu.edu Message-ID: 3l564c$muj@psuvax1.cse.psu.edu NNTP-Posting-Host: eiffel.cse.psu.edu Status: RO
In article <3l4nc5$207@illuminati.io.com> marlowe@io.com (marlowe) writes: > >So, I'll bite. Does anyone know what the security hole is in finger? I >can understand not wanting to have anyone be able to finger in, but why >wouldn't the admins what me to finger out? Beats me. But as long as you can telnet out, you don't really need the finger command. Just telnet to the remote machine and talk to the finger daemon directly. Example: %telnet <host address> 79 [bunch of telnet messages] <user's login followed by RETURN>
Parent