upvote

points

by doublerabbit15 hours ago |
comments
upvoteby dwattttt15 hours ago|
next
[-]
If you think Linux is on their first or second, I'm not sure how or what you're counting.
reply
upvoteby doublerabbit15 hours ago|
parent|
[-]
> I'm not sure how or what you're counting.

The recent two. FailCopy and DirtyFrag and FreeBSD with Execve.

2 - Linux 1 - FreeBSD.

Of course, all OS have had past-time exploits. Three now have made the news.

reply
upvoteby nubinetwork4 hours ago|
parent|
next
[-]
> 2 Linux

Three. I don't know if this has a name yet... https://news.ycombinator.com/item?id=48067734

reply
upvoteby dwattttt14 hours ago|
parent|
prev|
[-]
Your question was "how many high profile privilege escalations Windows has had recently" then? I can't think of any, 0?
reply
upvoteby doublerabbit13 hours ago|
parent|
prev|
[-]
It was a sarcastic joke, never mind.
reply
upvoteby pjmlp15 hours ago|
prev|
[-]
Plenty, Microsoft has security teams whose job is to attack Windows.

Naturally they don't do blog posts about what they find.

reply
upvoteby murderfs14 hours ago|
parent|
next
[-]
Local privilege escalation is largely irrelevant on Windows because basically no one uses it in a multi-user system, and application sandboxing is effectively nonexistent.
reply
upvoteby TZubiri12 hours ago|
parent|
[-]
I get that multiple human users on a same machine is rare nowadays, and that per-app users were never a thing.

But windows still has a root and a lower privilege user. You typically need to click on "run as admin" to elevate privileges to, for example, alter system binaries.

reply
upvoteby murderfs7 hours ago|
parent|
next
[-]
Sure, but that's mostly academic: compromise of the user account is game over for any real user. Not actually being Administrator isn't much consolation when the regular user account can extract your cookie jar, record all of your keystrokes and mouse movements, record all desktop video (except for DRM-protected content, heh) etc.
reply
upvoteby asveikau11 hours ago|
parent|
prev|
[-]
I know that Chrome on Windows tries to lower its privileges to mitigate exploits, and although it's not very popular, the MS Store app platform does try to do full isolation of apps. So actually, per-app separation of users kinda does happen, or is attempted on Windows.
reply
upvoteby 4 hours ago|
parent|
[-]
deleted
reply
upvoteby hnlmorg15 hours ago|
parent|
prev|
[-]
You talk as if Windows is the only OS that has red teams attacking the system when clearly that isn’t even remotely true.
reply
upvoteby pjmlp7 hours ago|
parent|
next
[-]
I talk about that because it is public, and the OP mentioned Windows.

It he talked about Android, I would have mentioned Project Zero.

Don't twist the meaning of posts.

reply
upvoteby asveikau13 hours ago|
parent|
prev|
[-]
No, they're saying security work happens in the Windows world but not as much in the open, due to the closed source nature.
reply