Security Problem?

[greep%su-dsn at sri-unix.UUCP]

Other tactics include looking in the Arpanet directory or just trying
common names.  In addition, many Unix sites have a "who" login that
runs the "who" or "finger" program, and most tops-20 sites let you
run "finger" or "systat" without being logged in.  In fact, you can
(at least with some dec-20's) run finger with a null argument and
get a list of every user (not just those logged in).  It is generally
agreed that keeping user names secret is not a reasonable thing to
do -- that's what passwords are for.