Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!linus!philabs!seismo!hao!hplabs!sri-unix!greep@su-dsn From: greep%su-dsn@sri-unix.UUCP Newsgroups: net.unix-wizards Subject: Re: Security Problem? Message-ID: <2648@sri-arpa.UUCP> Date: Wed, 29-Jun-83 15:41:00 EDT Article-I.D.: sri-arpa.2648 Posted: Wed Jun 29 15:41:00 1983 Date-Received: Fri, 1-Jul-83 10:31:45 EDT Lines: 8 Other tactics include looking in the Arpanet directory or just trying common names. In addition, many Unix sites have a "who" login that runs the "who" or "finger" program, and most tops-20 sites let you run "finger" or "systat" without being logged in. In fact, you can (at least with some dec-20's) run finger with a null argument and get a list of every user (not just those logged in). It is generally agreed that keeping user names secret is not a reasonable thing to do -- that's what passwords are for.