undefined | Better HN

0 pointshackernudes10d ago0 comments

I've read many CVEs (somehow that acronym is ok... heh) but have never seen LPE despite being familiar with the concept.

0 comments

staticassertion10d ago

That seems literally borderline impossible.

dataflow10d ago

I think they've almost certainly seen it written out, just not as an acronym. I figured out what it stood for based on context and knowing the full phrase, but I don't recall actually seeing the LPE acronym in recent memory. Whereas with CVE it's the opposite: I almost never see it written out, and even now find it non-obvious what the E stands for, bizarrely enough.

smaudet10d ago

You should re-evaluate your probabilities, I too have heard frequently of CVEs, but never of an LPE.

staticassertion10d ago

I'm sure lots of people have heard of CVEs, but have you actually read many? LPE is an extremely common term. It's like not knowing RCE. These are the terms used.

cynicalkane10d ago

I'll raise my hand here and risk downvotes from very smart people who are smarter than me, but I've heard of CVE but not LPE or RCE. I know what the latter two terms are but am not used to seeing them in acronyms.

So what's missing is that keeping up-to-date with CVEs is important and some CVEs are Internet-nerd famous. Remember Heartbleed? Even some casual gamers I know had heard of it. And everyone who's mildly serious about sysadmin knows you want to defensively keep systems patched against important CVEs. The second layer of that, what the exploits actually are or do, is a second-layer term of art, one that one might miss the jargon for even if one has familiarity with the concepts.

To me, the fact that the page is obviously AI-assisted is way more upsetting than some guy not knowing what an acronym means. There's something about AI prose that is just so fucking tedious. It makes the mind glaze over.

1 more reply

busterarm10d ago

I'm as stunned as you are. I have to read CVEs on a weekly cadence (like contractually required to) and LPE/RCE are kind of the main keywords we look for in them. Also increasingly TOCTOU. If anyone who actually has to respond to CVEs told me they had never seen these terms before I would judge them as being unserious.

stackghost10d ago

I could see it for someone who is only somewhat in tune with security work today.

Back in the day those of us breaking into shitty php sites didn't use LPE, we used "privesc", IIRC.

j / k navigate · click thread line to collapse

0 comments

staticassertion10d ago

That seems literally borderline impossible.

dataflow10d ago

smaudet10d ago

You should re-evaluate your probabilities, I too have heard frequently of CVEs, but never of an LPE.

staticassertion10d ago

I'm sure lots of people have heard of CVEs, but have you actually read many? LPE is an extremely common term. It's like not knowing RCE. These are the terms used.

cynicalkane10d ago

1 more reply

busterarm10d ago

stackghost10d ago

I could see it for someone who is only somewhat in tune with security work today.

Back in the day those of us breaking into shitty php sites didn't use LPE, we used "privesc", IIRC.

j / k navigate · click thread line to collapse