Finger(1)
Security concerns
Supplying such detailed information as e-mail addresses and
full names was considered acceptable and convenient in the early days of networking, but later was considered questionable for privacy and security reasons. Finger information has been used by
hackers as a way to initiate a
social engineering attack on a company's computer security system. By using a finger client to get a list of a company's employee names, email addresses, phone numbers, and so on, a hacker can call or email someone at a company requesting information while posing as another employee. The finger
daemon has also had several exploitable security holes crackers have used to break into systems. For example, in 1988 the
Morris worm exploited an overflow vulnerability in fingerd (among others) to spread. The finger protocol is also incompatible with
Network Address Translation (NAT) from the private network address ranges (e.g. 192.168.0.0/16) that are used by the majority of home and office workstations that connect to the Internet through routers or firewalls nowadays.
For these reasons, while finger was widely used during the early days of the
Internet, by the late 1990s the vast majority of sites on the
Internet no longer offered the service.