upvote

points

by hackernudes16 hours ago |
comments
upvoteby arcfour13 hours ago|
next
[-]
LPE is a very well-known acronym within the security community, it's not purely academic or obscure or anything.

I agree that it would be a good idea to define it explicitly when writing for a broader audience, but I don't think it's particularly egregious that they didn't. It's certainly something I could see myself forgetting.

Then again, the whole writeup appears to be AI-generated, so...

reply
upvoteby 1970-01-0120 minutes ago|
parent|
next
[-]
It is nowhere near this. There are very few acronyms in the IT world that are actually well-known outside of it. LPE is less well-known than LVAD or MCU.

https://www.acronymfinder.com/Information-Technology/MCU.htm...

https://www.acronymfinder.com/LVAD.html

https://www.acronymfinder.com/Information-Technology/LPE.htm...

reply
upvoteby globular-toast5 hours ago|
parent|
prev|
[-]
Sure, but the target audience of copy.fail is surely not the security community but regular sysadmins who probably don't otherwise follow as closely.
reply
upvoteby a961 hours ago|
parent|
[-]
I would absolutely expect a sysadmin in particular to know and understand the term and acronym.
reply
upvoteby jjordan15 hours ago|
prev|
next
[-]
Good writing for a broad audience requires it. Unfortunately the LLMs don't tend to adopt this guideline.
reply
upvoteby boston_clone15 hours ago|
parent|
[-]
it’s a CVE write up; the audience for these knows what an LPE is.
reply
upvoteby acdha13 hours ago|
parent|
next
[-]
That’s very optimistic. I’d bet there are an order of magnitude more people wondering how exposed they are than security researchers reading this.
reply
upvoteby staticassertion12 hours ago|
parent|
[-]
https://duckduckgo.com/?q=LPE+security&ia=web

wow

reply
upvoteby acdha10 hours ago|
parent|
[-]
Sure, nobody’s saying it’s an inscrutable mystery but if your goal is to inform a wide audience it’s considered good form to expand all but the most common acronyms. It’ll even get you more internet points than petty smugness.
reply
upvoteby staticassertion4 hours ago|
parent|
[-]
I think sysadmins should learn the term LPE tbh
reply
upvoteby hackernudes13 hours ago|
parent|
prev|
next
[-]
I've read many CVEs (somehow that acronym is ok... heh) but have never seen LPE despite being familiar with the concept.
reply
upvoteby staticassertion12 hours ago|
parent|
[-]
That seems literally borderline impossible.
reply
upvoteby smaudet11 hours ago|
parent|
next
[-]
You should re-evaluate your probabilities, I too have heard frequently of CVEs, but never of an LPE.
reply
upvoteby staticassertion11 hours ago|
parent|
[-]
I'm sure lots of people have heard of CVEs, but have you actually read many? LPE is an extremely common term. It's like not knowing RCE. These are the terms used.
reply
upvoteby cynicalkane10 hours ago|
parent|
[-]
I'll raise my hand here and risk downvotes from very smart people who are smarter than me, but I've heard of CVE but not LPE or RCE. I know what the latter two terms are but am not used to seeing them in acronyms.

So what's missing is that keeping up-to-date with CVEs is important and some CVEs are Internet-nerd famous. Remember Heartbleed? Even some casual gamers I know had heard of it. And everyone who's mildly serious about sysadmin knows you want to defensively keep systems patched against important CVEs. The second layer of that, what the exploits actually are or do, is a second-layer term of art, one that one might miss the jargon for even if one has familiarity with the concepts.

To me, the fact that the page is obviously AI-assisted is way more upsetting than some guy not knowing what an acronym means. There's something about AI prose that is just so fucking tedious. It makes the mind glaze over.

reply
upvoteby staticassertion4 hours ago|
parent|
[-]
To be clear, I'm not suggesting that you if have heard of CVEs therefor you must have heard of LPE. I'm saying if you have read many of them you would have seen these terms.

I obviously do not expect someone who has merely heard of various CVEs before to know anything about the contents of those CVEs. The other poster said they had "read many CVEs", which I took to mean they have read many CVE disclosures, where the term is extremely common. Perhaps they meant that they've read about CVEs, in which case I can see why the term would not be on their radar.

reply
upvoteby stackghost8 hours ago|
parent|
prev|
[-]
I could see it for someone who is only somewhat in tune with security work today.

Back in the day those of us breaking into shitty php sites didn't use LPE, we used "privesc", IIRC.

reply
upvoteby no-name-here10 hours ago|
parent|
prev|
[-]
Content at the OP link http://copy.fail seems fairly different from any normal CVE I’ve seen.
reply
upvoteby ButlerianJihad9 hours ago|
prev|
next
[-]
To be fair, I just consulted 3 cybersecurity glossaries (SANS.org, NIST CSRC, Huntress), and none of them list "LPE" nor "Local Privilege Escalation".

If you type "LPE" into English Wikipedia's search bar, and press "Enter", you'll be sent to a disambiguation page which contains a link to the relevant article.

https://en.wikipedia.org/wiki/LPE

reply
upvoteby 1970-01-0112 hours ago|
prev|
[-]
I don't know why, but newer writers have never been taught to expand their acronyms on first use. I blame the US education system.
reply