HP dons white hat to hack customers' servers

Usually the term "hacking" has some rather negative connotations, so it almost seems counterintuitive to pay someone good money for breaking into your system, but that's exactly what HP is offering to do for its corporate customers with a new service called HP Active Countermeasures, or HPAC. As you'd imagine, HP's hackers won't do anything malicious once they break into a client's server -- propagating a worm, for instance, would seem to be bad for business -- but they will use a combination of buffer, heap, and stack overflows to exploit a system in much the same way that black hatters cause Internet terror on a daily basis. Specifically, the company will employ one of its own servers to launch attacks using eight to ten scanning clients for every 250,000 devices that are part of the program, and offer customers a temporary patch until they're able to hire a dedicated security firm for shoring up any vulnerabilities. Pricing is promised to be "aggressive," with firms using less than 20,000 IP addresses expected to pay only a few dollars per user per year for the privilege of learning how shoddy their security really is.

[Via The Inquirer]