lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <008801c412db$51ab5fe0$3200000a@alex>
From: jkuperus at planet.nl (Jelmer)
Subject: PivX is full of crap rant (was : Predictions
 Confirmed, Qwik-Fix Protected )

You shouldn't take them seriously PivX is full of crap, allways has been
allways will be

One thing you've got to understand about them is that they are a media
company, their busnessmodel is build around getting as many media as
possible to portrait them as experts. And they're doing a damn fine job at
it.
One of the best ways to get  coverage is claiming you  predicted that
something would happen ages ago. It makes for great quotes
But unfortunatly PivX isn't a security company it merely plays the part of
one and unfortunatly in order to play this part they often resolve to
complete lies, half truths, and unfounded theories..

how about their claims on

http://www.net-security.org/dl/articles/Qwik-Fix_Pro_WhitePaper.pdf

-- snip --

-Located 100's of Critical Vulnerabilities in Internet Explorer and Windows
as well as in Outlook, AIM, ISS, Apache, SQL and ISA Server
-Located root vulnerabilities in Apache Server

-- snip --

Located?? I guess that's something else than discovered, but I don't think
the casual user would tell the difference, and they are *counting* on that.
The list goes on.. explaining why we should think they are creditable

All this is just covering up the fact that pivx is entirely unaccomplished
and there sole source of credibility comes from other people calling or
asuming  they are credible, even their most public spokesperson  Thor
larholm only found some 3 or 4 in my humble oppinion rather insignificant
and unimaginative flaw's in IE. (I am not saying he's an idiot in any way
but still , oh and when was the last time you needed someone skilled
exclusivly in browser vulnerabilties?) Luigi Auriemma has as of lately
become quite accomplished but he no longer works for them since they fired
him after he tried to "extort" gamespy under the banner of pixv. They people
doing the secure coding seminars who are somewhat credible aren't pivx
employees





----- Original Message ----- 
From: "Alerta Redsegura" <alerta@...segura.com>
To: "Thor Larholm" <thor@...x.com>; "Full-Disclosure"
<full-disclosure@...ts.netsys.com>
Sent: Thursday, March 25, 2004 8:56 PM
Subject: [Full-Disclosure] RE: [Unpatched] PivX Predictions Confirmed,
Qwik-Fix Protected


>
> The following is an excerpt from a PivX statement which is worth quoting:
>
> ---
>
> "PivX Predictions Confirmed, Qwik-Fix Protected
> Over the course of the last 2 years, PivX Solutions has warned the
security
> industry and the public about the possibility of automatically executing
> email worms. This week, we have seen the launch of the first such
successful
> mass-emailing worm, namely Bagle.Q and its variants.
>
> These worms differ from ordinary email borne viruses in that they require
no
> user interaction such as opening an email attachment. Instead, they
> automatically infect a user's machine the instant the email is displayed."
>
> ---
>
> Bagle.Q the "first successful mass-emailing worm" able to auto-execute
when
> previewed or read????
>
> What about Nimda, Bugbear, Klez and all the saga of auto-executing email
> worms that started back in 2001?
>
> I must be missing something...
>
>
> I?igo Koch
> Red Segura
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>



Powered by blists - more mailing lists