Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: PivX is full of crap rant (was : Predictions Confirmed, Qwik-Fix Protected )
From: Jelmer <jkuperus () planet nl>
Date: Fri, 26 Mar 2004 03:37:32 +0100

You shouldn't take them seriously PivX is full of crap, allways has been
allways will be

One thing you've got to understand about them is that they are a media
company, their busnessmodel is build around getting as many media as
possible to portrait them as experts. And they're doing a damn fine job at
One of the best ways to get  coverage is claiming you  predicted that
something would happen ages ago. It makes for great quotes
But unfortunatly PivX isn't a security company it merely plays the part of
one and unfortunatly in order to play this part they often resolve to
complete lies, half truths, and unfounded theories..

how about their claims on


-- snip --

-Located 100's of Critical Vulnerabilities in Internet Explorer and Windows
as well as in Outlook, AIM, ISS, Apache, SQL and ISA Server
-Located root vulnerabilities in Apache Server

-- snip --

Located?? I guess that's something else than discovered, but I don't think
the casual user would tell the difference, and they are *counting* on that.
The list goes on.. explaining why we should think they are creditable

All this is just covering up the fact that pivx is entirely unaccomplished
and there sole source of credibility comes from other people calling or
asuming  they are credible, even their most public spokesperson  Thor
larholm only found some 3 or 4 in my humble oppinion rather insignificant
and unimaginative flaw's in IE. (I am not saying he's an idiot in any way
but still , oh and when was the last time you needed someone skilled
exclusivly in browser vulnerabilties?) Luigi Auriemma has as of lately
become quite accomplished but he no longer works for them since they fired
him after he tried to "extort" gamespy under the banner of pixv. They people
doing the secure coding seminars who are somewhat credible aren't pivx

----- Original Message ----- 
From: "Alerta Redsegura" <alerta () redsegura com>
To: "Thor Larholm" <thor () pivx com>; "Full-Disclosure"
<full-disclosure () lists netsys com>
Sent: Thursday, March 25, 2004 8:56 PM
Subject: [Full-disclosure] RE: [Unpatched] PivX Predictions Confirmed,
Qwik-Fix Protected

The following is an excerpt from a PivX statement which is worth quoting:


"PivX Predictions Confirmed, Qwik-Fix Protected
Over the course of the last 2 years, PivX Solutions has warned the
industry and the public about the possibility of automatically executing
email worms. This week, we have seen the launch of the first such
mass-emailing worm, namely Bagle.Q and its variants.

These worms differ from ordinary email borne viruses in that they require
user interaction such as opening an email attachment. Instead, they
automatically infect a user's machine the instant the email is displayed."


Bagle.Q the "first successful mass-emailing worm" able to auto-execute
previewed or read????

What about Nimda, Bugbear, Klez and all the saga of auto-executing email
worms that started back in 2001?

I must be missing something...

IƱigo Koch
Red Segura

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]