upvote

points

by boston_clone15 hours ago |
comments
upvoteby acdha13 hours ago|
next
[-]
That’s very optimistic. I’d bet there are an order of magnitude more people wondering how exposed they are than security researchers reading this.
reply
upvoteby staticassertion12 hours ago|
parent|
[-]
https://duckduckgo.com/?q=LPE+security&ia=web

wow

reply
upvoteby acdha10 hours ago|
parent|
[-]
Sure, nobody’s saying it’s an inscrutable mystery but if your goal is to inform a wide audience it’s considered good form to expand all but the most common acronyms. It’ll even get you more internet points than petty smugness.
reply
upvoteby staticassertion3 hours ago|
parent|
[-]
I think sysadmins should learn the term LPE tbh
reply
upvoteby hackernudes13 hours ago|
prev|
next
[-]
I've read many CVEs (somehow that acronym is ok... heh) but have never seen LPE despite being familiar with the concept.
reply
upvoteby staticassertion12 hours ago|
parent|
[-]
That seems literally borderline impossible.
reply
upvoteby smaudet11 hours ago|
parent|
next
[-]
You should re-evaluate your probabilities, I too have heard frequently of CVEs, but never of an LPE.
reply
upvoteby staticassertion11 hours ago|
parent|
[-]
I'm sure lots of people have heard of CVEs, but have you actually read many? LPE is an extremely common term. It's like not knowing RCE. These are the terms used.
reply
upvoteby cynicalkane10 hours ago|
parent|
[-]
I'll raise my hand here and risk downvotes from very smart people who are smarter than me, but I've heard of CVE but not LPE or RCE. I know what the latter two terms are but am not used to seeing them in acronyms.

So what's missing is that keeping up-to-date with CVEs is important and some CVEs are Internet-nerd famous. Remember Heartbleed? Even some casual gamers I know had heard of it. And everyone who's mildly serious about sysadmin knows you want to defensively keep systems patched against important CVEs. The second layer of that, what the exploits actually are or do, is a second-layer term of art, one that one might miss the jargon for even if one has familiarity with the concepts.

To me, the fact that the page is obviously AI-assisted is way more upsetting than some guy not knowing what an acronym means. There's something about AI prose that is just so fucking tedious. It makes the mind glaze over.

reply
upvoteby staticassertion4 hours ago|
parent|
[-]
To be clear, I'm not suggesting that you if have heard of CVEs therefor you must have heard of LPE. I'm saying if you have read many of them you would have seen these terms.

I obviously do not expect someone who has merely heard of various CVEs before to know anything about the contents of those CVEs. The other poster said they had "read many CVEs", which I took to mean they have read many CVE disclosures, where the term is extremely common. Perhaps they meant that they've read about CVEs, in which case I can see why the term would not be on their radar.

reply
upvoteby stackghost8 hours ago|
parent|
prev|
[-]
I could see it for someone who is only somewhat in tune with security work today.

Back in the day those of us breaking into shitty php sites didn't use LPE, we used "privesc", IIRC.

reply
upvoteby no-name-here10 hours ago|
prev|
[-]
Content at the OP link http://copy.fail seems fairly different from any normal CVE I’ve seen.
reply