The Finger protocol reference article from the English Wikipedia on 24-Jul-2004
(provided by Fixed Reference: snapshots of Wikipedia from wikipedia.org)

Finger protocol

Videos show Africa through the eyes of children
The finger protocol is a simple network protocol based on RFC 1196 (The Finger User Information Protocol). Typically the server side of the protocol is implemented by a program "fingerd" (for finger daemon), while the client side is implemented by the "name" and "finger" programs. The program is supposed to return a friendly, human-oriented status report on either the system at the moment or a particular person in depth. There is no required format, and the protocol consists mostly of specifying a single command line. It is most often implemented on Unix or Unix-like systems.

The program would supply information such as whether a user is currently logged-on, e-mail address, full name etc. As well as standard user information, finger displays the contents of ".plan" file in the user's home directory. Often this file (maintained by the user) contained either useful information about the user's current activities, or alternatively all manner of humor.

Supplying such detailed information was considered acceptable and convenient in the early days of the Internet, but later was considered questionable for privacy and security reasons. Finger information has been frequently used by crackerss as a way to initiate a social engineering attack on a company's computer security system. By using a finger client to get a list of a company's employee names, email addresses, phone numbers, and so on, a cracker can telephone or email someone at a company requesting information while posing as another employee. Information garnered from finger can be used both to find an employee to contact directly, and to more effectively pose as an existing employee. The finger daemon has also had several exploitable security holes which crackers have used to break into systems.

For these reasons, while finger was widely used during the early days of Internet, by the 1990s the vast majority of sites on the internet no longer offered the service. Notable exceptions include John Carmack, who still updates his status information occasionally.

History

The finger protocol is based on the NAME/FINGER Protocol (RFC 742) which provides an interface to the name and finger programs. The finger program was written by Les Earnest in 1971. Earnest created the program to solve the need of users who wanted information on other users of the network. Information on who is logged-in was useful to check the availability of a person to meet, or to look for volleyball players to play.

Prior to the finger program, the only way to get this information was with a who program that showed IDs and terminal line numbers for logged-in users, and people used to run their fingers down the "who" list. Earnest named his program after this concept.

External links