cos@chaos.cs.brandeis.edu (Ofer Inbar) (06/22/91)
Two things I'd like to point out: Any site on the Internet that runs fingerd is routinely giving away login names to all who want them. Login names are not difficult to find, so the fact that /etc/passwd gives them away is no big deal (in most cases). There are legitimate uses for accounts with no passwords. For example, an account with a "login shell" of /bin/who. Many of you probably use these, and know about them, but are overlooking them when you say things like "If I run grep :: /etc/passwd and get *anything* back ..." -- Cos (Ofer Inbar) -- cos@chaos.cs.brandeis.edu -- WBRS (BRiS) -- WBRS@binah.cc.brandeis.edu WBRS@brandeis.bitnet FidoNet: Ofer Inbar on 1:101/310 -- Ofer.Inbar@f310.n101.z1.fidonet.org The Boston Computer Society IBM PC User Group TBBS, (617) 332-5584
brendan@cs.widener.edu (Brendan Kehoe) (06/24/91)
cos@chaos.cs.brandeis.edu wrote: >Any site on the Internet that runs fingerd is routinely giving away >login names to all who want them. Login names are not difficult to >find, so the fact that /etc/passwd gives them away is no big deal (in >most cases). So does your email address above. -- Brendan Kehoe - Widener Sun Network Manager - brendan@cs.widener.edu Widener University in Chester, PA A Bloody Sun-Dec War Zone