Sorry for the late notice everybody, somehow this slipped my mind. Blake will be presenting an updated version of his Defcon 22 DDoS talk at HackCon in Oslo, Noway next week. cisc0ninja will unfortunately not be assisting this time around, as he has decided to leave the security/hacking scene for the gaming scene (specifically Elder Scrolls Online). For anybody going that wants to meet up - as always, just look for the guys in the SX shirts. We look forward to Blake's talk and hope to see more of the SX Crew representing SX at various conferences in the future.
I'm happy to announce that we have released our new layout for the tools section of the site today. The interface was done by one of our recruits, revall, and the backend changes were completed by cisc0ninja before he retired. We welcome any suggestions on improving our site at the appropriate area of the forums. In other news, our weekly meetings have been going well. We hope to see more new faces this Thursday in IRC.
The first announcement is fairly big since we haven't let anybody into our crew since November 15, 2012. It is with great honor that I would like to announce the High Council's decision to promote Shinobi to the status of full crew member of SOLDIERX. Shinobi is now the head of Operations for all of SX (essentially what I've been doing all of these years). As with all members promoted to the status of full crew, we hope that Shinobi will continue his efforts and show the same enthusiasm and workmanship that he showed during his inductee status. Congratulations!
After two weeks of no IRC meetings due to the holidays, our weekly meetings will resume today. As with our last IRC meeting, we will have it from noon to one (12:00-13:00) EST and then again at nine to ten (21:00-22:00) EST. We're having two time slots in hopes that everybody who wants to attend will be able to make one of the sessions. Hope to see you all there!
cisc0ninja has decided to retire from SX. He has stated that he's not currently interested in computer security, so there's no place for him here in SX. He has moved onto gaming, so if anybody plays Elder Scrolls Online - feel free to reach out to him and join him in game. We're leaving his [email protected] email account open.
Since the majority (91%) voted that they would attend a chat session where members of SOLDIERX would answer any question they wanted, we are now starting that as a weekly IRC chat on Thursday. Our current plan is to have it from noon to one (12:00-13:00) EST and then again at nine to ten (21:00-22:00) EST. We're having two time slots in hopes that everybody who wants to attend will be able to make one of the sessions. Our first meeting will be this Thursday, December 18, 2014. Hope to see you all there!
The recently disclosed offset2lib attack against Linux's default ASLR implementation has generated a lot of chatter. As mentioned in the paper, ASLR implementations based off of PaX's--which is the case for HardenedBSD--are generally secured against this attack. Our whitepaper describes how we calculate separate offsets for the execution base, mmap, and the stack. For Position-Independent Executables (PIEs), the shared objects have a different randomization offset than the executable itself.
While HardenedBSD is secure against this particular attack, further additions to our implementation can help strengthen it. Since each shared object is randomized with the same delta, the same attack could theoretically be carried out in between libraries. Research is being done in HardenedBSD to randomize the base address of each shared object independent of the other shared objects. This would strengthen HardenedBSD against similar attacks. Additional research is being done to randomize the load order of shared libraries as well. OpenBSD does this to further frustrate an attacker as he or she will not be able to know beforehand in which order the libraries will be loaded.
We're working hard to bring the FreeBSD community (and the Internet community as a whole) many security enhancements. We're looking to build an automated infrastructure along with providing our developers a system to do dedicated development on. We're paying everything out of pocket and our expenses are quite high, even as a new project. As such, we've started a crowdfunding campaign on Indiegogo for a dedicated development server. If you want to see HardenedBSD succeed and be given public credit for that help, please head over to the Indiegogo page and give a donation. Even if you can't donate, we'd love it if you could spread the word. We need all the help we can get. We deeply appreciate all the help and support the community has already given us.
We're currently planning some organizational changes as well as trying to figure out where we should focus our work. Feel free to comment on this news post with things you would like to see. We're planning to bring some contests either late this month or early next month. Last but not least, we have a poll about hosting a weekly or monthly IRC chat where members of SX will answer any question you have. Please click here and let us know if you would attend such an event.
Just a heads up that we've completed a few site enhancements and are working on a few more. We've done some optimizations to speed up new post creation - hopefully this will resolve some of the double posting issues. We've also forced all http[s]://soldierx.com traffic to redirect to https://www.soldierx.com as well as forced all cookies to be www.soldierx.com rather than .soldierx.com. This will help protect against cookie stealing attacks that would utilize servers such as hei. We're working on getting some minor theme updates completed as well as playing around with having a mobile theme for phones and such.
I wrote a guide a while back, and, well, you can read all about it here: https://www.soldierx.com/tutorials/GYOB-Grow-Your-Own-Bud
I'm going to add a couple additions, one with some tidbits on breeding and another on working with seeds and sexing since I left that part out.
I've been extremely busy these past few weeks to bring SoldierX a slice of awesomeness. Early on in the ASLR project, SoldierX graciously donated a sparc64 and later a BeagleBone Black. We've been able to identify a few (still outstanding) issues on ARM with our ASLR implementation. Our implementation would not be as stable, robust, or feature-complete today if it weren't for SoldierX's sponsorship and donations. It is with tremendous excitement that today I'm announcing the launch of the HardenedBSD project.
The HardenedBSD project aims to enhance FreeBSD's security by adding many exploit mitigation technologies and upstreaming those enhancements directly to FreeBSD. You can think of HardenedBSD as more of a staging area for bleeding-edge development of exploit mitigation, hardening, and other security-related technologies for FreeBSD. Once ASLR is feature complete and fully upstreamed (including integration with the Ports tree), I'll port certain security features from the Grsecurity Linux kernel hardening patch.
Please keep in mind that we're still in the early stages of getting everything set up. I'm building our first official package repo as we speak (with more than 20,000 packages, it takes a lot of time). Please give it a spin.