This article was posted to the Usenet group alt.hackers in
1995; any technical information is probably outdated.
Parent
Re: What is the problem with Finger? Hackaround
Article: 7551 of alt.hackers Newsgroups: alt.hackers From: Hans Baumgartner <hb@malibu.sarnoff.com> Subject: Re: What is the problem with Finger? Hackaround Content-Type: text/plain; charset=ISO-8859-1 Message-ID: D63wsC.HLu@nova.sarnoff.com X-Xxmessage-Id: <AB9C4CEB340109D8@hbaumgartner.sarnoff.com> X-Xxdate: Mon, 27 Mar 1995 11:07:23 GMT Sender: usenet@nova.sarnoff.com Content-Transfer-Encoding: 8bit Organization: DSRC X-Newsreader: Nuntius 2.0.1_PPC Mime-Version: 1.0 Date: Mon, 27 Mar 1995 16:07:23 GMT Approved: for genral audiences Lines: 25 Status: RO
In article <3l4nc5$207@illuminati.io.com> marlowe, marlowe@io.com writes: > Finger was removed from the system by the administrators as a possible >: security hole. >So, I'll bite. Does anyone know what the security hole is in finger? I >can understand not wanting to have anyone be able to finger in, but why >wouldn't the admins what me to finger out? > Your admins are dorks. As a finger proponent, here is the simple hack around. If you have telnet then removing /bin/finger is like hiding your house key without closing the door! Just type (where buddy@somesite.com is who you want to finger) telnet somesite 79 when you connect to the remote system, type buddy (or buddy@somesite.com) ----Bingo, you have just fingered out! You can construct a script to do this. ...but don't call it finger or your admin will be unhappy. This response is my tinyhack. For more finger fun: http://rsrch1.cit.cornell.edu:79/ hab3 (include the space before hab3) ---Hans
Parent