We've opened up a poll to see if our community thinks that we should change our slogan. We've been using "Nobody Can Stop Information Insemination" since the 90s and it's possible that it's time to change. We'd appreciate it if all users of our site would take some time to vote over at https://www.soldierx.com/polls/Should-we-change-our-slogan-Currently-Nob...
I'm happy to announce that after months and months of PR work, Kohelet has been promoted to inductee. We're now out of recruits, so we're looking for talented individuals to apply. As mentioned in the FAQ, if you are serious about joining SOLDIERX, you should have at least 5-10 hours of time to give to the group each week. The first step in becoming a member is to become a recruit. In order to become a recruit you need to email the following information to RaT:
Contact Information (AIM, yahoo, etc):
Skills (reverse engineering, writing, programming, etc):
Why You Want To Join SOLDIERX:
What You Will Do For Your First Project:
Earlier in the year, we released FEDWatch and MILWatch 2013 publicly. These are lists of .gov and .mil visitors to our site. We don't prevent .gov or .mil from visiting our site, but we've typically done our best to keep track of what they're doing. As of today, the 2013 lists (FEDWatch and MILWatch) are complete. On account of a large mining effort coming from Chinese Unicom (hello PLA), we've moved the 2014 lists to the VIP area. We will be doing the 2014 lists per month, to give our VIP users a better idea of when various government-linked organizations accessed our site. If you have VIP, please check out the first round (Jan 2014) at FEDWatch and MILWatch.
I have the privilege of publicly representing SoldierX by speaking at BSDCan, a BSD-centric conference held every year in Ottawa, Canada, this year about the work I did on behalf of SoldierX of porting grsec's/PaX's ASLR to FreeBSD (credit where credit is due: I enhanced and finished already-existing, but unfinished, patches provided by other awesome developers). The BSDCan people are finalizing the scheduling. I should have updates on the exact day/time of the presentation when the date gets closer. The presentation should, just as last year, be both streamed live and recorded. Once the schedule is posted online, I'll follow up with a comment on this post with a link.
Over the past few months, I've had the pleasure of enhancing Oliver's original patch that implements ASLR on FreeBSD. I've added support for randomizing the address of the RTLD and changing the behavior of ASLR to be set on a per-jail basis. This means that if a user requires an application that doesn't support ASLR (crashes, exhibits bugs, etc.), then the affected application can simply be placed in a jail with ASLR turned off. The rest of the system and the rest of the jails could still have ASLR turned on.
Oliver had ported over PaX's ASLR to NetBSD a few years back, and these patches bring FreeBSD feature-for-feature complete with NetBSD's ASLR implementation. What's lacking, along with NetBSD's implementation, is exec base randomization. This needs to be done on a per-binary basis, for binaries compiled with -fPIE. Additionally, we might want to specifically mark executables with an ELF note, specifying that it's safe to relocate the exec base.
One known bug is that applications compiled with clang with -fPIC -fPIE -static combined could segfault. I can provide a sample binary (with sample code) if needed for a simple five-line test application.
I will continue to research exec base randomization, but this task might be a bit over my head skill-wise.
I've submitted a BSDCan presentation. I hope it will get accepted. I'll run through how Oliver and I have implemented ASLR on FreeBSD and how tightly it's integrated. My favorite feature is the per-jail ASLR configuration. I'm really excited for the future of this work. However, I need to take some time away from it and focus on some other projects for the next six to twelve months. If I make more progress on exec base randomization, you can follow my GitHub repo.
For the first time in a long time, cisc0ninja has published a new tutorial. Dubbed "Staying Anonymous", this tutorial essentially ties a number of other tutorials together with some personal preferences by cisc0ninja. Definitely worth checking out, especially if you don't have the patience to read through Kayin's Cyber Ninjitsu - The Art of Invisibility Online. cisc0ninja's new tutorial can be found at https://www.soldierx.com/tutorials/Staying-anonymous. In other news, we have been using the new database backend since January 09, 2014. We didn't officially announce it as we didn't feel it was particularly newsworthy.