Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!philabs!seismo!hao!hplabs!sri-unix!greep@su-dsn
From: greep%su-dsn@sri-unix.UUCP
Newsgroups: net.unix-wizards
Subject: Re:  Security Problem?
Message-ID: <2648@sri-arpa.UUCP>
Date: Wed, 29-Jun-83 15:41:00 EDT
Article-I.D.: sri-arpa.2648
Posted: Wed Jun 29 15:41:00 1983
Date-Received: Fri, 1-Jul-83 10:31:45 EDT
Lines: 8

Other tactics include looking in the Arpanet directory or just trying
common names.  In addition, many Unix sites have a "who" login that
runs the "who" or "finger" program, and most tops-20 sites let you
run "finger" or "systat" without being logged in.  In fact, you can
(at least with some dec-20's) run finger with a null argument and
get a list of every user (not just those logged in).  It is generally
agreed that keeping user names secret is not a reasonable thing to
do -- that's what passwords are for.