this post was submitted on 16 Apr 2025
77 points (97.5% liked)

Cybersecurity

7734 readers
42 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
MODERATORS
top 7 comments
sorted by: hot top controversial new old
[–] nic2555@lemmy.world 22 points 2 months ago (1 children)

If only there was some kind of database where we could reference the most common vulnerability and exposure incidents, such as this one, and then ranked them based on their criticality, for everyone to be well informed.

[–] RvTV95XBeo@sh.itjust.works 7 points 2 months ago (1 children)

Idk who went for the down vote here - such a mythical system sounds lovely (and someone clearly hasn't read the news)

[–] admin@sh.itjust.works 2 points 2 months ago

We should name it something like Common Vulnerabilities Index or something like that.

[–] BigMikeInAustin@lemmy.world 16 points 2 months ago* (last edited 2 months ago)

Shoot, it takes longer for me to wait for the user access window to run a command as an admin.

How would one do this?...

[–] vk6flab@lemmy.radio 5 points 2 months ago (2 children)

Sounds like a quicker way to login to me. What's the downside?

Before you answer "security", need I remind you that Windows has to my knowledge not ever been secure, unless you count when it's still on the installation media and not yet inserted into the machine .. yes, I too have used packs of Windows floppy disks in the past. I might still have a few hundred in a drawer somewhere.

[–] Nougat@fedia.io 13 points 2 months ago

9x was not secure. User credentials were only used to load a user profile, but there was no functionality to deny access to anything, and you did not need to log on with credentials.

NT and 2000 forward have been secure(r), with actual permissions (file/folder, registry, services, etc) applied to user accounts.

Much of the crying about windows not being secure stems from people using admin-level accounts to do day-to-day things, and then getting tricked into clicking things they shouldn't. Microsoft kind of mitigated this with UAC prompts, but the everyday user is "annoyed" by those, so people figure out how to turn UAC off, or just blindly click through the warnings. Hell, remember when the first UAC prompts out of Vista were "so annoying" that Microsoft had to scale back their frequency, because people didn't like it?

This particular security situation is not any of the above. It stems from an actual code exploit. Which, by my reading, has been fixed?

Anyway - a vast majority of the "Windows is not secure" is a direct result of users running as root. Which you can do on any operating system.

[–] crawancon@lemm.ee 8 points 2 months ago

To me it just sounds llike someone's never hardened an enterprise and locked down windows machines effectively through cis alignment and some normal suite of tools, xdr, etc.

It's easy to pick on windows because of Microsoft decisions over the years, but it's also not impossible to lock it down effectively.