Apparently HP has been drinking the Kool-Aid. This article on Silicon.com describes what I can only see as a really bad idea.
The company said on Tuesday it would use the same techniques as hackers to gain access to its customers’ machines. However, the exploit code it will use will be controlled and will not propagate itself, HP said.
Richard Brown, threat management department manager at HP Labs, said: “We use hacking techniques to gain access to the system but once we have control we make the system safe. We don’t unleash a worm – we don’t use worm-propagation techniques.”
Yeah, there is no way something could go wrong with an idea like this (insert sarcasm). The upside is that customers have to provide HP with permission before conducting these tests.
Customers must give permission for HP to scan their systems, and can specify that certain servers or devices are not included in the scan, if concerned the scan will cause disruption.
I’m sorry, but I am just concerned about security testing from a company that is known for putting undocumented backdoor accounts in their own operating systems.