Grrr... my first reply got lost in the cookie bug/problem... *sigh* Must-remember-to-copy-and-submit...
These days, finger is pretty much thought of as nothing better than a simple enumeration tool used to garner information off of the system from a network connection (which is otherwise obtainable in other local means). It tells you neat things like the username, login, home directory, default shell and a whole host of other things (including the optional fields to the GECOS in the password and it reads the .plan and .project files out of the home directory). Since it runs as root, it used to be fairly easy to trick the thing into giving you access to files that you otherwise shouldn't have had access to (i.e. privilege elevation sort of stuff).
Most secure networks disable finger or replace it with a benign version to return something generic. My systems tend to simply spit back the same information returned in whois (i.e. the company name and address and a pointer to hostmaster@mydomain) or even a stupid "why are you looking here?" sort of reply... the short C-routines also log the connection and alert me as to the idea that someone's traversing finger.
Hope that helps a bit!
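A sketch of the kind of benign finger replacement described in the post above, as an added example (not the poster's own routines): it logs the sanitized query through syslog and returns a fixed reply that never depends on the request. The names `sanitize_query`, `canned_reply` and `fingerd-stub`, and the reply text, are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Placeholder reply (assumed text); substitute your own public contact details. */
static const char REPLY[] =
    "Example Corp (placeholder)\r\n"
    "No user information is served here.\r\n"
    "Contact: hostmaster@example.com\r\n";

/* Copy the request into out, stopping at CR/LF and replacing anything
 * non-printable with '?', so a hostile query cannot inject control
 * characters or extra lines into the log. Returns bytes written. */
size_t sanitize_query(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0) return 0;
    while (*in && *in != '\r' && *in != '\n' && n + 1 < outsz) {
        unsigned char c = (unsigned char)*in++;
        out[n++] = isprint(c) ? (char)c : '?';
    }
    out[n] = '\0';
    return n;
}

/* The reply is constant: nothing is looked up and no file is opened,
 * so the query cannot be used to enumerate users or read .plan files. */
const char *canned_reply(const char *query)
{
    (void)query;
    return REPLY;
}

/* inetd/xinetd style: the socket is stdin/stdout. */
int main(void)
{
    char raw[256] = "", clean[128];

    if (fgets(raw, sizeof raw, stdin) == NULL)
        raw[0] = '\0';
    sanitize_query(raw, clean, sizeof clean);

    openlog("fingerd-stub", LOG_PID, LOG_DAEMON);
    syslog(LOG_WARNING, "finger probe, query=\"%s\"", clean);
    closelog();

    fputs(canned_reply(clean), stdout);
    return 0;
}
```

Because it reads no files, a stub like this can run as an unprivileged user rather than root; the peer address can be added to the log line with `getpeername()` on descriptor 0.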