HackerTrans
TopNewTrendsCommentsPastAskShowJobs

pid1wow

no profile record

comments

pid1wow
·पिछला वर्ष·discuss
[dead]
pid1wow
·2 वर्ष पहले·discuss
What is (theoretically, or practically) being achieved by running sudo instead of just logging in as root? Can you give an example that justifies typing your password up to hundreds of times per day coupled with deliberate hashing delays?
pid1wow
·2 वर्ष पहले·discuss
They say Windows has a more advanced security system, but what does that actually mean in practice? Okay, it has everything is an object, then you can just set permissions on objects. Okay, the OS just has to check if you have permission to an object before you access that object.

What if there are just a billion objects and you can't tell which ones need which permission, as an administrator. I couldn't tell if this example actually exists from the article as it only talks abstractly about the subject. But Windows security stuff just sounds like a typical convoluted system that never worked. This is probably one of the one places where UN*X is better off, not that it's any good since it doesn't support any use case other than separating the web server process from the DNS server process, but that it's very simple.

What if the objects do not describe the items I need to protect in sufficient detail? How many privilege escalation / lateral movement vulns were there in Windows vs any UN*X?
pid1wow
·2 वर्ष पहले·discuss
What do you mean? On Tor I get a Cloudflare block just from clicking 2 links on the front page of HN:

http://forums.accessroot.com/index.php?showtopic=4361&st=0

>Please wait while your request is being verified...

I can't remember any day I didn't get a Cloudflare block. Even on bare IP sometimes. WAFs are security theater.
pid1wow
·2 वर्ष पहले·discuss
> directory traversal

The correct term is directory enumeration. Traversal usually means something about ../../
pid1wow
·2 वर्ष पहले·discuss
Given that the most common use of sudo is to give yourself root to run a command, and malware looking to elevate root can just rig up ~/.bashrc, what use is this patch? What use cases does it apply to and how common are they?
pid1wow
·2 वर्ष पहले·discuss
A little known secret is that you can actually search not only backward (ctrl+r), but also forward (ctrl+s). The problem is ctrl+s is bound by default to (obscure terminal thing) that stops your terminal from outputting anything. This can be disabled with stty stop ^-, and then ctrl+s will work as intended.