Communications

Now LinkedIn Will Let You Leave Voicemail Messages (zdnet.com) 47

LinkedIn has been trying to make its business networking platform more like Facebook of late, with features like presence, and Google-like smart replies. Now, it's introducing voice messages just like Facebook and Facebook-owned WhatsApp. From a report: "Whether you're responding while walking or multitasking, or need to give an in-depth explanation, voice messages let you more easily and quickly communicate in your own voice with your connections," LinkedIn said in a blog. Personally, I loathe having to open voice messages on WhatsApp and have never received one on Facebook Messenger, but for the sender, at least, such services can be helpful if they're on the go and can't stop to type a message. And that's LinkedIn's justification for releasing the feature. LinkedIn thinks its new option will be a time-saver for users who find typing laborious in some situations. On the downside, this feature could rapidly become a real pain for those who already get bombarded with written messages from strangers promoting products and services on LinkedIn Messages.

Bug

Bugs In Samsung IoT Hub Leave Smart Home Open To Attack (threatpost.com) 44

secwatcher writes from a report via Threatpost: Cisco Talos researchers found flaws located in Samsung's centralized controller, a component that connects to an array of IoT devices around the house -- from light bulbs, thermostats, and cameras. SmartThings Hub is one of several DIY home networking devices designed to allow homeowners to remotely manage and monitor digital devices. "Given that these devices often gather sensitive information, the discovered vulnerabilities could be leveraged to give an attacker the ability to obtain access to this information, monitor and control devices within the home, or otherwise perform unauthorized activities," researchers said in a report. Threatpost goes on to detail the "multiple attack chain scenarios." Thankfully, Samsung has since patched the bugs. "We are aware of the security vulnerabilities for SmartThings Hub V2 and released a patch for automatic update to address the issue," a Samsung spokesperson told Threatpost. "All active SmartThings Hub V2 devices in the market are updated to date." The company released a firmware advisory for Hub V2 devices on July 9th.

Network

Qualcomm Unveils First mmWave 5G Antennas For Smartphones (theverge.com) 45

Qualcomm announced its new QTM052 mmWave antenna modules that will enable 5G networks on select mobile phones. The penny-sized antenna array features four antennas that can accurately point toward the nearest 5G tower. It can even bounce signals off of surrounding surfaces, if needed. The Verge reports: The QTM052 is designed to be small enough that device manufacturers will be able to embed it into the bezel of a phone. Qualcomm's X50 5G modem is already designed to support up to four of the antenna arrays, one for each side of the phone, allowing for 16 total antennas and ensuring that no matter how you hold your phone, the signal won't get blocked. Qualcomm says that the first devices with the QTM052 antennas should be launching as early as the beginning of 2019 -- and hopefully, there'll be some actual 5G networks to use them with by then.

Networking

A Fifth Undocumented Cisco Backdoor Has Been Discovered (bleepingcomputer.com) 118

Cisco released 25 security updates Wednesday, including a critical patch removing an undocumented password for "root" accounts of Cisco Policy Suite (sold to ISPs and large corporate clients). "The vulnerability received a rare severity score of 9.8 out of a maximum of 10 on the CVSSv3 scale," reports Bleeping Computer.

An anonymous reader quotes Tom's Hardware: Over the past few months, not one, not two, but five different backdoors joined the list of security flaws in Cisco routers.... In March, a hardcoded account with the username "cisco" was revealed. The backdoor would have allowed attackers to access over 8.5 million Cisco routers and switches remotely. That same month, another hardcoded password was found for Cisco's Prime Collaboration Provisioning software, which is used for remote installation of Cisco's video and voice products. Later this May, Cisco found another undocumented backdoor account in Cisco's Digital Network Architecture Center, used by enterprises for the provisioning of devices across a network. In June, yet another backdoor account was found in Cisco's Wide Area Application Services, a software tool for Wide Area Network traffic optimization...

Whether or not the backdoor accounts were created in error, Cisco will need to put an end to them before this lack of care for security starts to affect its business.

Network

Amazon Web Services Isn't Making a 'Commercial' Networking Switch, Cisco Says (geekwire.com) 51

A week after a report claimed that Amazon Web Services was building its own bare-bones networking switch in a potential threat to networking giant companies, Cisco says it has checked with Amazon, with which it has long maintained a relationship, and it has been assured by the ecommerce giant that it is not entering its territory. From a report: AWS CEO Andy Jassy and Cisco CEO Chuck Robbins had a "recent call" from which Robbins walked away satisfied that AWS wasn't "actively building a commercial network switch," Marketwatch reported Wednesday, citing a statement from Cisco that it confirmed as authentic with AWS. That follows a report last week from The Information that AWS was working on a so-called "white-box switch," which the site portrayed as a frontal assault on Cisco that sent networking stocks slumping on a lazy summer Friday afternoon.

Microsoft

Windows 10 and Windows Server 2019 To Support True UTC-Compliant Leap Second (thurrott.com) 67

Mehedi Hassan, writing for Thurrott: Microsoft is bringing support for leap seconds -- yes, that one extra second -- to Windows, starting with Windows 10 Redstone 5 and Windows Server 2019. With the upcoming updates for Windows 10, Microsoft's operating system now deals with leap seconds in a way that is incredibly accurate, UTC-compliant, and traceable. Leap seconds typically occur every 18 months, resulting in one extra second. The extra leap second occurs to adjust with the earth's slowed down rotation, and an extra second is added to UTC in order to keep it in-sync with mean solar time. To deal with the extra second more appropriately, Windows 10 will now display that extra second, instead of directly jumping to the next one. H/T Perfycat who adds: The new move makes Windows Server the first OS to have full support of the rare but valid timestamp of: 23:59:60. Linus Torvalds has long maintained that users need to chill out about leap seconds. Further reading: Microsoft's blog post 1, and blog post 2.

Businesses

Amazon Plans To Challenge Cisco in Networking Market With Much Cheaper Switches, Report Says (theinformation.com) 126

Amazon Web Services already dominates the market for cloud services. Now, reports The Information, it is eyeing a part of the cloud business it doesn't already control: the $14 billion global market for data center switches [Editor's note: the link may be paywalled; alternative source]. From the report: AWS is considering selling its own networking switches for business customers -- hardware devices that move traffic around networks, according to a person with direct knowledge of the cloud unit's plans and another person who has been briefed on the project. The plan could plunge Amazon more deeply into the lucrative enterprise computing market, posing a direct challenge to incumbents in the business like Cisco, along with Arista Networks and Juniper Networks.

As it does in many other categories, Amazon plans to use price to undercut rivals. The company could price its white-box switches between 70% and 80% less than comparable switches from Cisco, one of the people with knowledge of the program estimated.

Bug

Critical Bug Last Year Allowed Bypassing Authentication On HPE ILO4 Servers With 29 'A' Characters (bleepingcomputer.com) 59

Public exploit code has been published for a severe vulnerability which last year affected Hewlett Packard Integrated Lights-Out 4 (HP iLO 4), a tool for remotely managing the company's servers.

HPE "silently released" patches last August, an anonymous reader reports, adding "details only emerged this spring after researchers started presenting their work at security conferences." The vulnerability is an authentication bypass that allows attackers access to HP iLO consoles. Researchers say this access can later be used to extract cleartext passwords, execute malicious code, and even replace iLO firmware. But besides being a remotely exploitable flaw, this vulnerability is also as easy as it gets when it comes to exploitation, requiring a cURL request and 29 letter "A" characters, as below:

curl -H "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

Because of its simplicity and remote exploitation factor, the vulnerability — tracked as CVE-2017-12542 — received a severity score of 9.8 out of 10.

Facebook

Facebook Acknowledges It Shared User Data With Dozens of Companies (cnet.com) 59

An anonymous reader quotes a report from CNET: Facebook has admitted providing dozens of tech companies with special access to user data after publicly saying it restricted such access in 2015. Facebook continued sharing information with 61 hardware and software makers after it said it discontinued the practice in May 2015, the social networking giant acknowledged in 747 pages of documents delivered to Congress late Friday. The documents were in response to hundreds of questions posed to Facebook CEO Mark Zuckerberg by members of Congress in April.

Facebook said it granted a special "one-time" six-month extension to companies that ranged from AOL to package-delivery service United Parcel Service to dating app Hinge so they could come into compliance with the social network's new privacy policy and create their own versions of Facebook for their devices. Data shared without users' knowledge included friends' names, genders and birth dates. Facebook's documents also said it had discovered that five other companies "theoretically could have accessed limited friends' data" as a result of a beta test. Facebook said in the documents it has ended 38 of the partnerships and plans to discontinue seven more by the end of July.

Microsoft

ComputerWorld Says Newest Windows 10 'Isn't Ready for Prime Time' (computerworld.com) 200

"Despite Microsoft's assurances, Windows 10 1803 isn't ready for prime time," writes ComputerWorld's Woody Leonhard, adding "Microsoft's patches in June took on some unexpected twists..." Win10 1803 was declared fully fit for business, a pronouncement that was followed weeks later by fixes for a few glaring, acknowledged bugs -- and stony silence for other known problems. We're continuing the two-big-cumulative-updates-a-month pace for all supported versions of Windows 10. The second cumulative update frequently fixes bugs introduced by the first cumulative update. Microsoft may think that Win10 (1803) is ready for widespread deployment, but there are a few folks who would take issue with that stance...

Tuesday, Microsoft finally released a fix for two big bugs that have dogged Win10 1803 since its inception... In practice, life isn't so simple. WSUS (the Windows Update Server software) isn't "seeing" KB 4284848, as of late Wednesday afternoon -- which may be a good thing. Along with the second cumulative update this month, there are additional releases to fix the Servicing Stack, and a new "Compatibility update" that, per the documentation, is designed to make it easier to upgrade Win10 1803 Enterprise to Win10 1803 Enterprise (not a typo)...

One problem that has been acknowledged -- but only by a Microsoft Agent on an Answers Forum post -- says that installing 1803 can clobber your peer-to-peer network. That certainly matches my experience.

Woody concludes, "If you think Win10 1803 is ready for prime time, you're welcome to give it a try."

Facebook

Facebook Messenger Kids App Is Expanding (fortune.com) 34

Facebook's controversial Messenger Kids app is heading outside the U.S. to Canada and Peru. From a report: As part of the expansion, the social networking giant said Friday that it would also debut Spanish and French language versions of the children's messaging app that are now available in all three countries where the service is available. Facebook introduced Messenger Kids in December, pitching it as a safer way for children under 13 to chat with friends while sending them silly GIFs, emoji, and other goofy digital imagery. Unlike the core Facebook social networking service or other messaging apps, Facebook said that Messenger Kids does not display any online ads or allow kids to buy things within the app.

Education

Algeria Shuts Off Entire Country's Internet To Stop Students From Cheating (gizmodo.com) 123

Algeria has begun instituting nationwide internet blackouts to prevent students from leaking high school diploma exams online. Gizmodo reports: The country will turn off mobile and landline internet service across the country for an hour at a time during the exam period, which started on Wednesday and runs through June 25. The 11 blackouts are scheduled for an hour after each exam begins. In 2016, exam questions were reportedly leaked online and authorities were dissatisfied with a less stringent attempt to limit social media during the 2017 exams. The sweeping shutdown will also block Facebook for the entirety of the exam period, Education Minister Nouria Benghabrit told Algerian newspaper Annahar, according to the BBC. Benghabrit reportedly said they are "not comfortable" with their choice to shut down all internet service, but that they "should not passively stand in front of such a possible leak." Metal detectors are reportedly being used to make sure that no one brings any internet-enabled devices into the exam halls. Surveillance cameras and phone jammers are also being used at the locations where the exams are being printed.

Security

Google, Roku, Sonos To Fix DNS Rebinding Attack Vector (bleepingcomputer.com) 56

The developer teams from Google Home, Roku TV, and Sonos, are preparing security patches to prevent DNS rebinding attacks on their devices. From a report: Roku has already started deploying updates, while Google and Sonos are expected to deploy patches next month. DNS rebinding is not a new attack vector by any stretch of the imagination. Researchers have known about it since 2007 when it was first detailed in a Stanford research paper. The purpose of a DNS rebinding attack is to make a device bind to a malicious DNS server and then make the device access unintended domains.

The Internet

Kickstarter Bets On 'Wired' Arduino-Compatible IoT Platform 138

L-One-L-One writes: Most IoT home projects today are based on Wi-Fi, Bluetooth, Zigbee, and friends. But this is not always the ideal solution: you end up swapping batteries frequently, which becomes annoying quite quickly. You also have to deal with signal strength issues and interferences. To address this problem, a new Kickstarter campaign called NoCAN is proposing an Arduino-compatible internet-of-things platform based on wired connections that combine networking and power in one cable. The platform uses a set of cheap Arduino-compatible nodes controlled through a Raspberry Pi. The network uses CAN-bus and offers a publish/subscribe mechanism like MQTT and over-the-network firmware updates. It can also be controlled by a smartphone or tablet. Even with such features, can it succeed in going against the all-wireless trend? We'll know in a few weeks.

Television

The Internet Is Finally Going To Be Bigger Than TV Worldwide (qz.com) 60

According to estimates from media agency Zenith, next year, for the first time, people will spend more time using the internet than watching TV. People will spend an average of 170.6 minutes a day, or nearly three hours, using the internet in 2019. That's a tad more than the 170.3 minutes they're expected to spend watching TV. Quartz reports: Zenith measured media by how they are transmitted or distributed, such as broadcasts via TV signals and newspapers in print. Watching videos on the web through platforms like Netflix and YouTube, or reading a newspaper's website, counted as internet consumption. Nearly one-quarter of all media consumption across the globe will be through mobile this year, up from 5% in 2011. The average person will spend a total of about eight hours per day consuming media in its many forms this year, Zenith forecasts.

In some parts of the world, TV will remain on top -- for now. Zenith forecasted media consumption through 2020 and did not expect the internet to overtake TV in Europe, Latin America, and the whole of North America in that time. In the U.S., it was projected to surpass TV in the U.S. in two years.

The Internet

Vint Cerf Warns IPv4 Users: 'Time To Get With the Program' (zdnet.com) 282

An anonymous reader quotes ZDNet: Vint Cerf notes that the world ran out of IPv4 address space around 2011, some 13 years after internet engineers started sketching out IPv6, under the belief back then that IPv4 addresses would run out imminently. Since 'World IPv6 Launch' on June 6, 2012, significant progress has been made. Back then just one percent of users accessed Google services over IPv6. Now roughly a quarter of users access Google over IPv6. But Cerf noted that "it's certainly been a long time since the standards were put in place, and it's time to get with the program"...

The Internet Society's snapshot of IPv6 in 2018 notes that Google reports that 49 countries deliver more than five percent of traffic over IPv6. There are also 24 countries where IPv6 traffic is greater than 15 percent, including the US, Canada, Brazil, Finland, India, and Belgium. Additionally, 17 percent of the top million Alexa sites work with IPv6, while 28 percent of the top 1,000 Alexa sites do. Enterprise operations are IPv6's "elephant in the room", according to the Internet Society. Around 25 percent of all internet-connected networks advertise IPv6 connectivity, and the Internet Society suspects that most of the networks that don't are enterprise networks.

Privacy

German Spy Agency Can Keep Tabs On Internet Hubs, Federal Court Rules (phys.org) 54

Earlier this week, a federal court in Germany threw out a challenge by the world's largest internet hub, the De-Cix exchange, against the tapping of its data flows by the BND foreign intelligence service. What this means is that the country's spy agency can continue to monitor major internet hubs if Berlin deems it necessary for strategic security interests. From a report: The operator had argued the agency was breaking the law by capturing German domestic communications along with international data. However, the court in the eastern city of Leipzig ruled that internet hubs "can be required by the federal interior ministry to assist with strategic communications surveillance by the BND." De-Cix says its Frankfurt hub is the world's biggest internet exchange, bundling data flows from as far as China, Russia, the Middle East and Africa, which handles more than six terabytes per second at peak traffic.

De-Cix Management GmbH, which is owned by eco Association, the European internet industry body, had filed suit against the interior ministry, which oversees the BND and its strategic signals intelligence. It said the BND, a partner of the US National Security Agency (NSA), has placed so-called Y-piece prisms into its data-carrying fibre optic cables that give it an unfiltered and complete copy of the data flow. The surveillance sifts through digital communications such as emails using certain search terms, which are then reviewed based on relevance.

Youtube

America's Teens Are Choosing YouTube Over Facebook (bloomberg.com) 78

An anonymous reader quotes a report from Bloomberg: Three years ago, Facebook was the dominant social media site among U.S. teens, visited by 71 percent of people in that magic, trendsetting demographic. Not anymore. Now only 51 percent of kids ages 13-17 use Facebook, according to Pew Research Center. The world's largest social network has finally been eclipsed in popularity by YouTube, Snapchat and Facebook Inc.-owned Instagram. Alphabet Inc.'s YouTube is the most popular, used by 85 percent of teens, according to Pew.

Instagram is slightly more popular than Snapchat overall, Pew said, with 72 percent of respondents saying they use the photo-sharing app, compared with Snapchat's 69 percent. But Snap Inc. is holding its own, despite Instagram's frequent parroting of its features. About one-third of the survey's respondents said they visit Snapchat and YouTube most often, while 15 percent said Instagram is their most frequent destination. Meanwhile, only 10 percent of teens said Facebook is their most-used online platform. The Pew analysis was based on a survey of 1,058 parents who have a teenager from 13 to 17, as well as interviews with 743 teens themselves.
The survey also found that 99% of teens own a smartphone or have access to one, and 45% said they're online "on a near-constant basis."

Windows

Windows 10 Spring Update Improves Linux On WSL With Unix Sockets and More (anandtech.com) 216

Billly Gates writes: Windows 10 build 1803 has come out this month, but with some problems. AnandTech has a deep-dive with the review examining many new features including the much better support for Linux. WSL (Windows Subsystem for Linux) now has native Curl and Tar from the command prompt as well as a utility to convert Unix to Windows pathnames called WSLpath.exe which is documented here. In addition it was mentioned on Slashdot in the past about OpenSSH being ported natively to Win32 in certain early builds. It now seems the reason was for Linux interoperability with this Spring Update 2. Unix sockets mean you can run Kali Linux on Windows 10 for penetration testing or run an Apache server in the background with full Linux networking support. Daemons now run in the background even with the command prompt closed. [...]

Network

There Are Real Reasons For Linux To Replace ifconfig, netstat and Other Classic Tools (utoronto.ca) 478

Several readers have shared a blog post: One of the ongoing system administration controversies in Linux is that there is an ongoing effort to obsolete the old, cross-Unix standard network administration and diagnosis commands of ifconfig, netstat and the like and replace them with fresh new Linux specific things like ss and the ip suite. Old sysadmins are generally grumpy about this; they consider it yet another sign of Linux's 'not invented here' attitude that sees Linux breaking from well-established Unix norms to go its own way. Although I'm an old sysadmin myself, I don't have this reaction. Instead, I think that it might be both sensible and honest for Linux to go off in this direction. There are two reasons for this, one ostensible and one subtle.

The ostensible surface issue is that the current code for netstat, ifconfig, and so on operates in an inefficient way. Per various people, netstat et al operate by reading various files in /proc, and doing this is not the most efficient thing in the world (either on the kernel side or on netstat's side). You won't notice this on a small system, but apparently there are real impacts on large ones. Modern commands like ss and ip use Linux's netlink sockets, which are much more efficient. In theory netstat, ifconfig, and company could be rewritten to use netlink too; in practice this doesn't seem to have happened and there may be political issues involving different groups of developers with different opinions on which way to go.

(Netstat and ifconfig are part of net-tools, while ss and ip are part of iproute2.)

However, the deeper issue is the interface that netstat, ifconfig, and company present to users. In practice, these commands are caught between two masters. On the one hand, the information the tools present and the questions they let us ask are deeply intertwined with how the kernel itself does networking, and in general the tools are very much supposed to report the kernel's reality. On the other hand, the users expect netstat, ifconfig and so on to have their traditional interface (in terms of output, command line arguments, and so on); any number of scripts and tools fish things out of ifconfig output, for example. As the Linux kernel has changed how it does networking, this has presented things like ifconfig with a deep conflict; their traditional output is no longer necessarily an accurate representation of reality.
