> So I have one example to back up my claim. Now it's your turn. Give me a
> worm that my scheme would not have protected me against. That's all you
> need to do to convince me. Easy, isn't it? No need to give me lengthy
> lectures. Just give me one URL. If you can't do that, don't bother
> replying. You're wasting your time, because you're telling me things I
> already know.

I was going to write a lengthy reply to your second email before I read this. I was going to explain that you aren't much more secure this way, that shellcode is trivial to rework for a different path, and that your method still really is security through obscurity. But apparently you don't want to hear that, and everyone else already posted those points, so I'll save it.

I can't cite a worm that would infect your system. I can't even cite an exploit for a daemon that would work on your system without editing. I can tell you two things though:

1) People on Windows used to rename C:\WINDOWS and C:\WINNT to other things. Viruses adapted to that.

2) All the path changing in the world isn't going to save you from exploits that don't rely on shells. That includes directory traversals, password bypasses, and SQL injection. A faulty web application is going to reveal your mysql password no matter what crazy directory you have it in.

But you're going to go ahead and do it anyway, so keep us posted on how it turns out. I think the idea is stupid, and I don't think you appreciate how long it will take to do, but I can't convince you of that. If anything you'll be left vulnerable for longer while you try to rework what should be quick patches into your new cracked out file structure. Try to remember that you aren't making yourself invulnerable from anyone who gives a little effort to attacking you.

--hax

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
