On 14 May 98 at 12:50, Stigers, Greg ~ AND wrote:

> But common sense? I looked up finger in my UNIX books, and did
> not find

The reason that I used the term "common sense" is because finger
is NOT viewed as a security problem.  This is because techies
don't consider personable information a security issue.  At
least not their's.  A security issue to them is something that
will allow someone to inconvenience them by using machine
cycles, altering system files, or generally being a nuisance.
At the next level up companies begin to feel uncomfortable about
strangers perusing their records or interfering with their
business.

My background includes a stint with the military and more than a
passing concern with security and intelligence. In my
professional opinion personal information should always be
treated as classified material.  So anything which is accessible
from the world and which will reveal private details about
users, such as their complete name, addresses, and phone
numbers, I treat as a security issue.

I consider the other things just as important as well.  But
finger is one of those unix thingies which was convenient in a
closed network and is just plain dangerous on the Internet.

Regards,
Jim
---
James B. Byrne                Harte & Lyne Limited
vox: +1 905 561 1241          9 Brockley Drive
fax: +1 905 561 0757          Hamilton, Ontario
mailto:[log in to unmask]  Canada L8E 3C3