FEDWatch and MILWatch, 2013 and Beyond

Earlier in the year, we released FEDWatch and MILWatch 2013 publicly. These are lists of .gov and .mil visitors to our site. We don't prevent .gov or .mil from visiting our site, but we've typically done our best to keep track of what they're doing. As of today, the 2013 lists (FEDWatch and MILWatch) are complete. On account of a large mining effort coming from Chinese Unicom (hello PLA), we've moved the 2014 lists to the VIP area. We will be doing the 2014 lists per month, to give our VIP users a better idea of when various government-linked organizations accessed our site. If you have VIP, please check out the first round (Jan 2014) at FEDWatch and MILWatch.

BSDCan Presentation About FreeBSD ASLR

I have the privilege of publicly representing SoldierX by speaking at BSDCan, a BSD-centric conference held every year in Ottawa, Canada. This year's talk is about the work I did on behalf of SoldierX porting grsec's/PaX's ASLR to FreeBSD (credit where credit is due: I enhanced and finished already-existing, but unfinished, patches provided by other awesome developers). The BSDCan people are finalizing the scheduling. I should have updates on the exact day/time of the presentation when the date gets closer. The presentation should, just as last year, be both streamed live and recorded. Once the schedule is posted online, I'll follow up with a comment on this post with a link.

FreeBSD ASLR Patch Submitted

Over the past few months, I've had the pleasure of enhancing Oliver's original patch that implements ASLR on FreeBSD. I've added support for randomizing the address of the RTLD and changing the behavior of ASLR to be set on a per-jail basis. This means that if a user requires an application that doesn't support ASLR (crashes, exhibits bugs, etc.), then the affected application can simply be placed in a jail with ASLR turned off. The rest of the system and the rest of the jails could still have ASLR turned on.

Oliver had ported over PaX's ASLR to NetBSD a few years back, and these patches bring FreeBSD feature-for-feature complete with NetBSD's ASLR implementation. What's lacking, along with NetBSD's implementation, is exec base randomization. This needs to be done on a per-binary basis, for binaries compiled with -fPIE. Additionally, we might want to specifically mark executables with an ELF note, specifying that it's safe to relocate the exec base.

One known bug is that applications compiled with clang with -fPIC -fPIE -static combined could segfault. I can provide a sample binary (with sample code) if needed for a simple five-line test application.

I will continue to research exec base randomization, but this task might be a bit over my head skill-wise.

I've submitted a BSDCan presentation. I hope it will get accepted. I'll run through how Oliver and I have implemented ASLR on FreeBSD and how tightly it's integrated. My favorite feature is the per-jail ASLR configuration. I'm really excited for the future of this work. However, I need to take some time away from it and focus on some other projects for the next six to twelve months. If I make more progress on exec base randomization, you can follow my GitHub repo.
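
The post above says exec base randomization has to be decided per binary, for executables built with -fPIE. As an added example (not code from the patch or from its authors), the C below reads a 64-bit little-endian ELF header to tell fixed-base executables (ET_EXEC) from relocatable ones (ET_DYN), and uses PT_INTERP to separate dynamically linked PIE programs from shared libraries and static PIE. The names `classify_elf64`, `make_sample` and the `elf_kind` enum are assumptions made for this illustration, and the sample image is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum elf_kind { ELF_INVALID, ELF_FIXED_BASE, ELF_PIE, ELF_DYN_NO_INTERP };

/* Little-endian field readers (only ELFDATA2LSB images are accepted below). */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static uint64_t rd64(const uint8_t *p) { return rd32(p) | ((uint64_t)rd32(p + 4) << 32); }

/* Classify a 64-bit little-endian ELF image held in memory. */
enum elf_kind classify_elf64(const uint8_t *buf, size_t len)
{
    if (len < 64 || memcmp(buf, "\177ELF", 4) != 0) return ELF_INVALID;
    if (buf[4] != 2 || buf[5] != 1) return ELF_INVALID;     /* ELFCLASS64, ELFDATA2LSB */
    uint16_t type = rd16(buf + 16);                          /* e_type */
    if (type == 2) return ELF_FIXED_BASE;                    /* ET_EXEC: linked at a fixed address */
    if (type != 3) return ELF_INVALID;                       /* only ET_DYN can be relocated */
    uint64_t phoff = rd64(buf + 32);                         /* e_phoff */
    uint16_t phentsize = rd16(buf + 54), phnum = rd16(buf + 56);
    if (phentsize < 56 || phoff > len) return ELF_INVALID;
    for (uint16_t i = 0; i < phnum; i++) {
        uint64_t off = phoff + (uint64_t)i * phentsize;
        if (off > len || len - off < 56) return ELF_INVALID; /* truncated header table */
        if (rd32(buf + off) == 3) return ELF_PIE;            /* PT_INTERP: dynamically linked PIE */
    }
    return ELF_DYN_NO_INTERP;                                /* shared library or static PIE */
}

/* Constructed sample: ELF header plus one program header (120 bytes), not a real binary. */
size_t make_sample(uint8_t out[120], uint16_t e_type, uint32_t p_type)
{
    memset(out, 0, 120);
    memcpy(out, "\177ELF", 4);
    out[4] = 2; out[5] = 1; out[6] = 1;                      /* class, data, version */
    out[16] = (uint8_t)e_type;
    out[32] = 64;                                            /* e_phoff: right after the header */
    out[54] = 56; out[56] = 1;                               /* e_phentsize, e_phnum */
    out[64] = (uint8_t)p_type;                               /* p_type of the single segment */
    return 120;
}
```

A binary reported as `ELF_FIXED_BASE` cannot have its exec base moved regardless of the system's ASLR setting; only the ET_DYN cases are candidates.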

New Tutorial by cisc0ninja - Staying Anonymous

For the first time in a long time, cisc0ninja has published a new tutorial. Dubbed "Staying Anonymous", this tutorial essentially ties a number of other tutorials together with some personal preferences by cisc0ninja. Definitely worth checking out, especially if you don't have the patience to read through Kayin's Cyber Ninjitsu - The Art of Invisibility Online. cisc0ninja's new tutorial can be found at https://www.soldierx.com/tutorials/Staying-anonymous. In other news, we have been using the new database backend since January 09, 2014. We didn't officially announce it as we didn't feel it was particularly newsworthy.

Email Issues Resolved

After much digging, we finally discovered that the email issues that we've been hearing about for the past few weeks were the result of a faulty script. The script failed after some of our security changes prevented it from having the access it needed. The result - the majority of emails sent through the site over the past 6 weeks had not gone out. Sorry for any problems that this has caused the users of this site. All systems are now back to normal.

In other server news, we have just assembled a new database backend server and are looking to get it installed shortly after Christmas. It's a brand new system, complete with a dedicated 16 GB of RAM, SATA 6 Gb/s, and SSD. This should resolve the posting slowdowns that some of our users have been complaining about.

Network Outages

I'm pleased to report that we've finally changed out some faulty network gear that caused several outages over the past week. Not much news to report, but there are some big changes coming soon - to include some interesting training opportunities. For our VIP members, expect several new releases and updates during the next few weeks. We will be merging the 2012 wallpaper contest with the 2013 one. Look for that announcement in the next few weeks as well.
