33 Comments
- thenativeraver, on 10/12/2007, -4/+26: I think this might backfire on them.
- thewebguy, on 10/12/2007, -0/+18: "Customers must give permission for HP to scan their systems. They can specify that certain servers or devices are not included in the scan, if they are concerned that it would cause disruption."
  gg
- merreborn, on 10/12/2007, -1/+12: You usually can't sue someone for doing something you've specifically paid them to do.
  We're talking about people calling up HP, and paying thousands of dollars for "Penetration testing".
  I can understand your confusion, though: if you don't read the article, the digg headline is misleading. Some might even call it inaccurate.
- merreborn, on 10/12/2007, -1/+11: How would offering the same kind of penetration testing service dozens of companies already offer backfire?
- DarkSorrow, on 10/12/2007, -1/+10: DMCA (Digital Millennium Copyright Act)
  That doesn't apply to HP computers. It only applies to copyrighted material.
- thatsiebguy, on 10/12/2007, -1/+8: It's called Penetration Testing, customers can request it... Nothing new...
- calu99, on 10/12/2007, -3/+10: Umm... did you read the story? The customer has to give permission for the testing. This is a standard security procedure, called penetration testing, not really a new thing, just new for HP.
- donkeyking, on 10/12/2007, -1/+7: Wait a minute here. I work in computer security and my company is a competitor to HP. This is old news, HP has been doing Pen Tests for a long time now for large major corporations. Sorry to burst anyone's bubble but they just use Nessus to perform their "Hacking". These monkeys are just point and click people who have no idea what is going on, they just generate reports using Nessus. Trust me, my company has the same type of people. Nessus is what is used by everyone. It's not some cutting edge *****. This is what annoys the ***** out of me, most of the people who work for these companies don't know *****, ever wonder why people such as Shmoo Group and others don't work for them? Those are the really smart people. Come to DefCon, listen to some of the speakers and you will hear smart people. This article is lame and any Rent-a-Indian can do it.
- dh8r, on 10/12/2007, -1/+5: RTFA. Hell, if you can't do that, read the abstract more closely. Therein you will find the information to disprove your point.
- surfing, on 10/12/2007, -0/+4: New digg feature suggestion:
  Comment cannot be made until the link to the article has been clicked and loads.
- DrPlacebo, on 10/12/2007, -2/+5: They're selling a service to companies who want security...
  I don't see why anyone would sue etc...
  DRP
- thenativeraver, on 10/12/2007, -0/+2: Because HP doesn't specialize in this. Think of how easy it would be for HP to get blamed for something they didn't do.
- dh8r, on 10/12/2007, -0/+2: This service is for businesses to help make their servers hacker-proof (or rather more hacker-proof). I don't see why you guys are referring to it as an end-user service.
- inactive, on 10/12/2007, -0/+1: Spot on hear hear - why does HP offering a pen testing service = "HP to hack customers networks" no digg
- nonsequitor, on 10/12/2007, -0/+1: Def Con is awesome. I went last year, and already have made all the reservations for this year. It's too bad Black Hat is so expensive. If you work in the security field, get your company to send you to Black Hat, most individuals can't afford the couple grand for admission + airfare + hotel, however if you can scare your boss into sending you, go for it.
- nonsequitor, on 10/12/2007, -0/+1: Wow, they're actually getting it right. Most of these services test canned threats rather than checking whether or not they are vulnerable to a specific exploit of a service. So worm variant A might be stopped but the slightly different worm variant B which uses the same exploit would get through.
  I used to work for a company which did malicious traffic generation (for testing purposes). Not quite the same as pen testing since it was mostly used by IDS/IDP manufacturers and ISPs. What they're doing is "scanning", which I think would imply the pop-up would be on the host computer rather than the target machine under test. Probably a glorified Nessus front-end, but who knows, they didn't give enough detail in the article to tell. For anyone interested, the company I used to work for was http://www.imperfectnetworks.com
- link470, on 10/12/2007, -0/+1: I've never had a good experience with HP, I hope all goes well for their customers...
- ddonzal, on 10/12/2007, -0/+1: Not really 'new' to HP. This announcement was made 2 years ago:
  http://www.hpl.hp.com/news/2004/jan-mar/pato_rsa.html
  Either that or it has taken them a LONG time to get it up and running.
- ziggystardust, on 10/12/2007, -1/+2: Inaccurate title and marked as such. HP isn't hacking anything. They are testing for vulnerabilities to prevent such hacking upon the request of customers.
- dignation, on 10/12/2007, -0/+1: I would think I'm infected if I saw a pop-up alert that said "This machine is Vulnerable to sasser, but we can fix that for you"
- chevy, on 10/12/2007, -0/+0: You have to assume that HP gets some limit of liability for any disruption they do cause here. It's not like poking crafted buffer overruns into random ports has ever been known to crash a service, machine, or network stack...
- Smokezz, on 10/12/2007, -0/+0: Spammers need to be stuck in a tree shredder.
- notme127, on 10/12/2007, -2/+1: There isn't anything to see here, move along...
  No Digg
- humanaut, on 10/12/2007, -1/+0: HP starts to offer a service that has been available for over a decade from the major players in the market (IBM, ISS, etc) and this is somehow big news? Man, I wish my company was in the pocket of as many "journalists" as these clowns. Every time I took a dump it would be omfgbreakingnews.com.
  On the plus side for those of us in the pentesting field, the fact that HP does it will now give it some kind of legitimacy in the eyes of old-school stiff-collared CEO types.
- olddirtycr, on 10/12/2007, -4/+3: hey douchebag read the article next time, the business gives hp permission and some $$ and hp does penetration testing.
- mosaiegh, on 10/12/2007, -1/+0: Of course, this program will have its problems, it won't cover anything and This Amazing Digg Poster will always find fault, but it's certainly a step in the right direction. Hell, even if they fix up 10% of the holes on 10% of the networks they scan on, it's far better than nothing at all.
  HP is a large (and relatively well respected) company, and it has a lot of clout with the big guys, in getting their attention. So by getting in there (upon all party agreement), making their networks and computing environments more secure, pushing a security-conscious culture throughout corporate entities, a focus of many viruses...can only be a good thing for everyone. Even the end-user.
- piratescare, on 10/12/2007, -2/+0: blah blah blah old news.. i read this same thing over a year ago.
- inactive, on 10/12/2007, -7/+2: hope the systems aren't HP systems, don't think they can handle it with all the low grade hardware lol
- Tiabin, on 10/12/2007, -18/+6: "We use hacking techniques to gain access to the system, but once we have control we make the system safe," said Richard Brown
  And hey... if a few new ads happen to pop up on your PC, HP makes a little cash... your computer is more secure and has a new feature! Everybody wins!!
- steelmaverick, on 10/12/2007, -13/+1: Because they have a lot of money
- djblast, on 10/12/2007, -15/+3: Umm... can't the customers sue?
- aussieaubs, on 10/12/2007, -17/+2: how is this not in violation of the DMCA!! bloody yanks!
- xr56n44, on 10/12/2007, -20/+1: this should be illegal. send the CEO to prison to be ass-raped, maybe then he'll have more respect for intruding into other people's property

