HP dons white hat to hack customers' servers
By Evan Blass 
posted Jul 6th 2006 1:41PM
posted Jul 6th 2006 1:41PM
Usually the term "hacking" has some rather negative connotations, so it almost seems counterintuitive to pay someone good money for breaking into your system, but that's exactly what HP is offering to do for its corporate customers with a new service called HP Active Countermeasures, or HPAC. As you'd imagine, HP's hackers won't do anything malicious once they break into a client's server -- propagating a worm, for instance, would seem to be bad for business -- but they will use a combination of buffer, heap, and stack overflows to exploit a system in much the same way that black hatters cause Internet terror on a daily basis. Specifically, the company will employ one of its own servers to launch attacks using eight to ten scanning clients for every 250,000 devices that are part of the program, and offer customers a temporary patch until they're able to hire a dedicated security firm for shoring up any vulnerabilities. Pricing is promised to be "aggressive," with firms using less than 20,000 IP addresses expected to pay only a few dollars per user per year for the privilege of learning how shoddy their security really is.[Via The Inquirer]
IBM has been doing this for years, but not just a server, but acutal teams of people. I wonder if HP will be as good, or maybe cheaper in price?
WOW! Hey that's just like a lite version of the penetration assessments security engineers have been contracted to do by my clients for years! what breaking news! Glad to see HP is on the cutting edge of Pro-services! Maybe soon they could host peoples networks and websites for them! they could call it HP Managed Services!! HPMS, or hPMS for the iPod crowd. I love when companies catch up with the little guys and then get headlines.
Anyone at HP interested in my Resume?
The thing is, that people can easily forget those services exist. When a big name comes in to announce that it's their turn, it reinvigorates the requests for such services from all providers.
When it comes to security, there can never be enough.
With HP rolling out such services, it too seems to be trasitioning into the service based company that IBM too is transforming into.
What could be next? The selling of their consumer desktop/laptop division to Asian company?
Anything sold to an Asian company means it'll be better.
Do they also come into the office and snoop around for passwords written on employees' desks? A system can be completely invulnerable to hacks, but employee stupidity can still cost a company billions.