On Thu, 4 May 2006, Eric Ziegast wrote: > An 3l33t hacker might figure out that all he/she had to do was > modify the magic number to get their program to run, but most people > (including script kiddies) wouldn't figure it out, give up, and move > on to softer targets.
Typical security-through-obscurity junk. If a hacker cared, then they would figure it out pretty quickly and it the ones who care that you have to worry about. In its stronger form of "cryptographically signed binaries", this idea isn't so effective either: all an attacker has to do is find *one* code execution vulnerability *anywhere* on your system and they are back to running arbitrary programs. Search phrack et al. for "userspace exec" shellcodes to see that exploiting this is still pretty close to script-kiddie levels of difficulty. -d
