Features request for international mobile users

Here is a short-list of missing features for international mobile users. Feel free to contact me on @msuiche or over e-mail if there is any feature you think is missing but more necessary than changing the colors of your icons at every release.

1. Smart address book
There is no reason your contact book would not allow you to automatically sort your contacts out per country using the Prefix Country Code, nor per city or region using the prefix following the country code.
Moreover, a map-based browsing would be more intuitive for its users – as per example the illustrative screenshot below.
smart_address_book

And also timestamps your contacts to provide better triage mechanism based on time / day / month / year.

2. Smart international keyboard
There is no reason Messaging application could not remember what keyboard layout I use for different contacts. If you message different people using multiple languages, your app should at least remember your preferred keyboard layout per contact.

3. The end of the single number identity
There is no reason applications would tie your identity to a single number. Applications such as messaging applications (WhatsApp, etc.), food delivery applications, or even car booking applications (Uber etc.) only allow their users to have one single number. Users should have the ability to have multiple verified numbers, people who travel usually have one number per country.

U.S. / France cyber-security budget

Pentagon Five-Year (until 2018) Cybersecurity Plan Seeks $23 Billion (cf. 2015 Fiscal Year Budget request)
That is around 1.6x times ($4.6 Bn/Year) the annual budget of DARPA ($2.8 Bn/Year)

France Five-Year (until 2019) Cybersecurity plan is EUR 1 Billion
This is around 1.33x times (EUR 200M/Year) the budget allocated to the call for projects in cyber-security from last year. The budget allocated was supposed to be EUR 150M but no updates had been communicated by officials since the initial press release, and any attempts to obtain more information had been dismissed or ignored.

U.S. cyber security budget is 17+ times more the French budget.
And in addition of that the U.S. is developing partnerships at different levels within its own ecosystem, which is something yet to be seen in France even through claims had been mentioned by the government to strengthen its sovereign technology.

That’s so Swish !

SwishDbgExt is a Microsoft WinDbg debugging extension that expands the set of available commands by Microsoft WinDbg, but also fixes and improves existing commands.

Description

This extension has been developed by Matt Suiche (@msuiche) – feel free to reach out on Twitter (even better, on the mailing list) to ask for more features, offer to contribute and/or report bugs.

Mailing-List: https://groups.google.com/a/moonsols.com/forum/#!forum/dfir-list or dfir-list+subscribe@moonsols.com

SwishDbgExt aims at making life easier for kernel developers, troubleshooters and security experts with a series of debugging, incident response and memory forensics commands.

Because SwishDbgExt is a WinDbg debugging extension, it means it can be used on local or remote kernel debugging session, live sessions generated by Microsoft LiveKd, but also on Microsoft crash dumps generated to a Blue Screen of Death or hybrid utilities such as MoonSols DumpIt.

help01
help02

Acknowledgements

I personally don’t have enough time to proceed to a full in-depth testing of all the commands on every of Windows, that’s is why I would like to thank few people who assisted me during with the testing of the private beta and their contributions. Now that the extension is public, I’m sure more bugs will be found – and as said above, feedback are highly appreciated and the mailing list is the most efficient way to share it :-)

Thanks to Frank Boldewin for his feedback and sharing his shellcode scanning techniques (!ms_malscore).

Thanks to Benjamin Delpy for his feedback and writing mimikatz (!ms_credentials).

Download

Current version is: v0.5.20140716 (16 July 2014)

La French Tech : Cyber-Security – Where is the money ?

Most of you probably already know the Cyber Fast Track (CFT) program from DARPA, formely led by Peiter Zatko (congrats again!), that provides fast access to grants to U.S. cyber security researchers.

In July 2013, France tried to launch a similar project (but obviously applications are more complex and bureaucratic) called “Investissements d’avenir pour la securite numerique”, the official press release can be found here.

The initiative had been launched by the ministers Arnaud Montebourg, Fleur Pellerin, and Louis Gallois, former CEO of Airbus (ex-EADS), as Commissaire général à l’investissement for the “Grand Emprunt“. Grand Emprunt is a 35 billions loan issued by France in 2010 as part of its innovation strategy to stimulate R&D in different fields. Unfortunately, the coordinator of the projects were not communicated.

July 2013’s press release announced a EUR 150 millions (USD 200M+ USD) fund, for cyber security projects. I have always been curious to know, who was the commission and jury in charge of reviewing the submissions, and when will the list of accepted contestants and projects be published. The cyber-security call-for-projects closed on the 29th November 2013. So I assume something must have happened since then.

I know a lot of potential candidates didn’t submit anything because they were afraid the funds would go to multi-billions dollars French defense companies, so I offered to check by myself on their behalf. Therefore, I tried to contact individuals and generic contact information available at @finances.gouv.fr for the above information, but I unfortunately never got I answer back.

Nonetheless, I thought it was a great initiative that was poorly communicated, I was myself very impressed and glad to see that the French government was supporting sovereign projects related to cyber-security.

Has any contestants, journalists or member of the “French Tech” heard of anything ?