14 Mar
2007
14 Mar
'07
9:15 p.m.
Message: 15
Date: Wed, 14 Mar 2007 03:36:06 -0400
From: Dave McGuire <mcguire at neurotica.com>
Subject: Re: ftp archives disappearing?
To: "General Discussion: On-Topic Posts Only" <cctech at classiccmp.org>
Message-ID: <D8CAA477-9A46-4B00-8447-CAC38C4AC832 at neurotica.com>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
On Mar 13, 2007, at 2:45 PM, Jim Leonard wrote:
There is absolutely no need to be a smartass. I make a living
running fairly large networks...and not for clueless organizations
who depend on the crutch of a firewall to implement a secure
network. I use "talk" fairly frequently, it works just fine.
-Dave
--
Dave McGuire
Port Charlotte, FL
I have seen some ontopic books (UNIX, 10 years old now) that strongly
recommend disabling finger to prevent unauthorized types from finding
likely targets among the accounts. Since then, finger services (such as
cfingerd) have become less of an issue because you can limit some
information, but it's likely that the old maxim still holds, as well as
the new one: if you don't positively need it than don't turn it on. Too
bad, though: 'finger' was nice when you wanted to get an e-mail address
that you weren't certain of. (after the demise of finger in general
circulation I used to connect to port 25 and try a couple of vrfys-
can't do that anymore in most places, but it's a "legitimate" need for
port 25, right?)
apophis$
which finger
/bin/finger
apophis$ which talk
/bin/talk
...looks to me like they're still there.
Yes, actually try to use them across networks. There are these
funny little things on the outside of most organizations called
"firewalls", maybe you've heard of them. 
14 Mar
14 Mar
9:54 p.m.
New subject: fingerd was Re: ftp archives disappearing
I have seen some ontopic books (UNIX, 10 years old
now) that strongly
recommend disabling finger to prevent unauthorized types from finding
likely targets among the accounts. Since then, finger services (such as
cfingerd) have become less of an issue because you can limit some
information, but it's likely that the old maxim still holds, as well as
the new one: if you don't positively need it than don't turn it on. Too
bad, though: 'finger' was nice when you wanted to get an e-mail address
that you weren't certain of.
So write one that doesn't give away the store. I did; it's just a Perl
script hooked up to inetd with some logging. finger is so simple it can
barely be considered a "protocol."
--
--------------------------------- personal: http://www.armory.com/~spectre/ ---
Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckaiser at floodgap.com
-- Critics are the unpaid guardians of my soul. -- E. Stanley Jones -----------
15 Mar
15 Mar
3:34 a.m.
On Mar 14, 2007, at 9:15 PM, Scott Quinn wrote:
I have seen some ontopic books (UNIX, 10 years old
now) that
strongly recommend disabling finger to prevent unauthorized types
from finding likely targets among the accounts. Since then, finger
services (such as cfingerd) have become less of an issue because
you can limit some information, but it's likely that the old maxim
still holds, as well as the new one: if you don't positively need
it than don't turn it on. Too bad, though: 'finger' was nice when
you wanted to get an e-mail address that you weren't certain of.
(after the demise of finger in general circulation I used to
connect to port 25 and try a couple of vrfys- can't do that anymore
in most places, but it's a "legitimate" need for port 25, right?)
Yeah, and I just ran a Nessus scan against a web server at work,
and it recommended that I close port 80 because it's a potential
security risk. The only way the data on a machine is 100% secure is
if the machine is disconnected from the network, powered off, and
sitting in a closet. If one requires more usefulness than that
configuration provides, there is going to be some element of risk.
There's just no way around it.
-Dave
--
Dave McGuire
Port Charlotte, FL
11:31 a.m.
The only way
the data on a machine is 100% secure is
if the machine is disconnected from the network, (...)
This is why I personally recommend Comcast broadband. 
11:35 a.m.
From: "Tore Sinding Bekkedal" <toresbe at ifi.uio.no>
On Thu, 2007-03-15 at 03:34 -0400, Dave McGuire
wrote:
But dial-up is almost as good and so much cheaper :).
Vince
The only way the data on a machine is 100% secure
is
if the machine is disconnected from the network, (...)
This is why I personally recommend Comcast broadband.
6329
days inactive
6334
days old
5 comments
5 participants
participants (5)
-
compoobah@valleyimplants.com -
mcguire@neurotica.com -
spectre@floodgap.com -
toresbe@ifi.uio.no -
vrs@msn.com