| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <008801c412db$51ab5fe0$3200000a@alex> From: jkuperus at planet.nl (Jelmer) Subject: PivX is full of crap rant (was : Predictions Confirmed, Qwik-Fix Protected ) You shouldn't take them seriously PivX is full of crap, allways has been allways will be One thing you've got to understand about them is that they are a media company, their busnessmodel is build around getting as many media as possible to portrait them as experts. And they're doing a damn fine job at it. One of the best ways to get coverage is claiming you predicted that something would happen ages ago. It makes for great quotes But unfortunatly PivX isn't a security company it merely plays the part of one and unfortunatly in order to play this part they often resolve to complete lies, half truths, and unfounded theories.. how about their claims on http://www.net-security.org/dl/articles/Qwik-Fix_Pro_WhitePaper.pdf -- snip -- -Located 100's of Critical Vulnerabilities in Internet Explorer and Windows as well as in Outlook, AIM, ISS, Apache, SQL and ISA Server -Located root vulnerabilities in Apache Server -- snip -- Located?? I guess that's something else than discovered, but I don't think the casual user would tell the difference, and they are *counting* on that. The list goes on.. explaining why we should think they are creditable All this is just covering up the fact that pivx is entirely unaccomplished and there sole source of credibility comes from other people calling or asuming they are credible, even their most public spokesperson Thor larholm only found some 3 or 4 in my humble oppinion rather insignificant and unimaginative flaw's in IE. (I am not saying he's an idiot in any way but still , oh and when was the last time you needed someone skilled exclusivly in browser vulnerabilties?) Luigi Auriemma has as of lately become quite accomplished but he no longer works for them since they fired him after he tried to "extort" gamespy under the banner of pixv. They people doing the secure coding seminars who are somewhat credible aren't pivx employees ----- Original Message ----- From: "Alerta Redsegura" <alerta@...segura.com> To: "Thor Larholm" <thor@...x.com>; "Full-Disclosure" <full-disclosure@...ts.netsys.com> Sent: Thursday, March 25, 2004 8:56 PM Subject: [Full-Disclosure] RE: [Unpatched] PivX Predictions Confirmed, Qwik-Fix Protected > > The following is an excerpt from a PivX statement which is worth quoting: > > --- > > "PivX Predictions Confirmed, Qwik-Fix Protected > Over the course of the last 2 years, PivX Solutions has warned the security > industry and the public about the possibility of automatically executing > email worms. This week, we have seen the launch of the first such successful > mass-emailing worm, namely Bagle.Q and its variants. > > These worms differ from ordinary email borne viruses in that they require no > user interaction such as opening an email attachment. Instead, they > automatically infect a user's machine the instant the email is displayed." > > --- > > Bagle.Q the "first successful mass-emailing worm" able to auto-execute when > previewed or read???? > > What about Nimda, Bugbear, Klez and all the saga of auto-executing email > worms that started back in 2001? > > I must be missing something... > > > I?igo Koch > Red Segura > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists