From: InfoSec News (isnc4i.org)
Date: Wed Dec 07 2005 - 00:17:54 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.osvdb.org/blog/?p=70

December 6th, 2005

Just over ten years ago (95-09-15) *Hobbit* wrote a little tool called
netcat (aka nc), swiftly dubbed the "TCP/IP Swiss Army knife".
*Hobbit* was affiliated with the l0pht, which was later purchased by
stake, which was later purchased by Symantec. At some point (circa
1998), Weld Pond ported the netcat utility to Windows. Weld was an
original member of the l0pht and later the Director of Research and
Development with stake. Weld's version was distributed at stake for
some time. Suffice it to say, the l0pht, stake and its
members/employees supported netcat's use and distribution.

Jump forward to today, and Symantec now classifies netcat on a system
as a High Risk Impact. As aj reznor asked, "is that to say that SYM
bought a company known then for offering naughty things?" Let us also
remember that Symantec owns SecurityFocus which conveniently offers
the tool in their tool repository.

Also amusing are Symantec's "technical details" for this "hacker
tool":

  Hacktool.NetCat arrives as a tool commonly carried by malicious
  components and dropped on the compromised computer for remote
  exploitation.

  When Hacktool.NetCat is executed, it performs the following actions:

  1. Transmits data across network connections.

Yes, there is no number two on the list. Hopefully Symantec will have
the foresight to classify TCP/IP stacks as "Hacktool.TCPIP" and label
it a "High Risk Impact" if found on a system.

_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]