undefined | Better HN

0 pointsdoublerabbit12h ago0 comments

Linux is on their second and FreeBSD is on their first. How many is Windows on?

0 comments

dwattttt12h ago

If you think Linux is on their first or second, I'm not sure how or what you're counting.

doublerabbitOP11h ago

> I'm not sure how or what you're counting.

The recent two. FailCopy and DirtyFrag and FreeBSD with Execve.

2 - Linux 1 - FreeBSD.

Of course, all OS have had past-time exploits. Three now have made the news.

nubinetwork1h ago

> 2 Linux

Three. I don't know if this has a name yet... https://news.ycombinator.com/item?id=48067734

dwattttt11h ago

Your question was "how many high profile privilege escalations Windows has had recently" then? I can't think of any, 0?

2 more replies

pjmlp12h ago

Plenty, Microsoft has security teams whose job is to attack Windows.

Naturally they don't do blog posts about what they find.

murderfs11h ago

Local privilege escalation is largely irrelevant on Windows because basically no one uses it in a multi-user system, and application sandboxing is effectively nonexistent.

TZubiri8h ago

I get that multiple human users on a same machine is rare nowadays, and that per-app users were never a thing.

But windows still has a root and a lower privilege user. You typically need to click on "run as admin" to elevate privileges to, for example, alter system binaries.

2 more replies

hnlmorg12h ago

You talk as if Windows is the only OS that has red teams attacking the system when clearly that isn’t even remotely true.

pjmlp4h ago

I talk about that because it is public, and the OP mentioned Windows.

It he talked about Android, I would have mentioned Project Zero.

Don't twist the meaning of posts.

asveikau10h ago

No, they're saying security work happens in the Windows world but not as much in the open, due to the closed source nature.

j / k navigate · click thread line to collapse

0 comments

dwattttt12h ago

If you think Linux is on their first or second, I'm not sure how or what you're counting.

doublerabbitOP11h ago

> I'm not sure how or what you're counting.

The recent two. FailCopy and DirtyFrag and FreeBSD with Execve.

2 - Linux 1 - FreeBSD.

Of course, all OS have had past-time exploits. Three now have made the news.

nubinetwork1h ago

> 2 Linux

Three. I don't know if this has a name yet... https://news.ycombinator.com/item?id=48067734

dwattttt11h ago

Your question was "how many high profile privilege escalations Windows has had recently" then? I can't think of any, 0?

2 more replies

pjmlp12h ago

Plenty, Microsoft has security teams whose job is to attack Windows.

Naturally they don't do blog posts about what they find.

murderfs11h ago

Local privilege escalation is largely irrelevant on Windows because basically no one uses it in a multi-user system, and application sandboxing is effectively nonexistent.

TZubiri8h ago

I get that multiple human users on a same machine is rare nowadays, and that per-app users were never a thing.

But windows still has a root and a lower privilege user. You typically need to click on "run as admin" to elevate privileges to, for example, alter system binaries.

2 more replies

hnlmorg12h ago

You talk as if Windows is the only OS that has red teams attacking the system when clearly that isn’t even remotely true.

pjmlp4h ago

I talk about that because it is public, and the OP mentioned Windows.

It he talked about Android, I would have mentioned Project Zero.

Don't twist the meaning of posts.

asveikau10h ago

No, they're saying security work happens in the Windows world but not as much in the open, due to the closed source nature.

j / k navigate · click thread line to collapse