Cars
Cisco’s warning: Patch now, critical SSH flaw affects Nexus 9000 fabric switches

Cisco has revealed that its Nexus 9000 fabric switches have a critical flaw that could allow anyone to remotely connect to a vulnerable device using Secure Shell (SSH) and control it with root user privileges.
The company disclosed the bug on Tuesday and has given it a severity rating of 9.8 out of 10.
The issue stems from SSH key management in the Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software. Cisco mistakenly put a default SSH key pair in the devices that an attacker could grab by connecting to the device over IPv6.
“An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials. An exploit could allow the attacker to access the system with the privileges of the root user,” Cisco explains, noting it can’t be exploited over IPv4.
SEE: 10 tips for new cybersecurity pros (free PDF)
The bug was found by external security researcher Oliver Matula from ERNW Enno Rey Netzwerke.
There are no workarounds, so Cisco is encouraging customers to update the software.
The bug affects the 9000 Series Fabric Switches in ACI mode if it is running Cisco NX-OS Software release before 14.1(1i).
Cisco has fixes available for several other vulnerabilities acting the Nexus 9000 software, all of which affect systems running Cisco NX-OS Software release prior to 14.1(1i)
ERNW’s Matula also reported a medium-severity path traversal flaw in the Nexus 9000 ACI mode software that would allow a local attacker with valid credentials to use ‘symbolic links’ to overwrite potentially sensitive system files.
Another fix in Cisco NX-OS Software 14.1(1i) is a high-severity elevation of privilege flaw that allowed a local attacker with valid admin credentials for a device to execute arbitrary NX-OS commands as the root user.
“The vulnerability is due to overly permissive file permissions of specific system files. An attacker could exploit this vulnerability by authenticating to an affected device, creating a crafted command string, and writing this crafted string to a specific file location,” Cisco explains.
Pre-14.1(1i) NX-OS also wasn’t properly validating TLS client certificates sent between components of an ACI fabric.
An attacker with a certificate that is trusted by the Cisco Manufacturing certificate authority and the corresponding private key could present a valid certificate while attempting to connect to the targeted device.
“An exploit could allow the attacker to gain full control of all other components within the ACI fabric of an affected device,” Cisco notes.
More on Cisco and security
Cars
2024 Genesis GV60 RWD Fixes The EV’s Biggest Problem

The 2024 Genesis GV60 Standard RWD trim has a starting MSRP of $52,000. The GV60 Advanced AWD and GV60 Performance AWD models start at $60,550 and $69,550, respectively. Another issue cited in SlashGear’s review of the 2023 Genesis GV60 was the vehicle’s limited availability in North America, a problem that hasn’t quite been solved. The GV60 Standard RWD and GV60 Advanced AWD are currently available at select retailers in 23 states, while the availability of the GV60 Performance AWD hasn’t yet been announced.
Despite limited availability, the 2024 Genesis GV60 shouldn’t be overlooked when considering a new EV, especially considering its increased range. Other standard features new to the Genesis GV60 include a Wi-Fi hotspot capability, Highway Driving Assist II, and Advanced Forward Collision Avoidance-Assist. Plus, Genesis added more airbags to the 2024 model, as well as a seat belt pretensioner, load limiter, and rear seat belt reminder.
The luxury EV also retains advanced features Genesis had implemented in previous models, including tech that allows drivers to operate their vehicle using fingerprint and/or facial recognition in lieu of a key. Additionally, it uses a glowing crystal ball as its drive shift, which may be the vehicle’s most unique and innovative feature. Anyone interested in purchasing a 2024 Genesis GV60 can visit a local Genesis retailer or the automaker’s website for more details.
Cars
The History Of Presidential Aircraft From Roosevelt To Biden

Just as the 20th century dawned, a new age of mankind was dawning. Near the end of 1903, Wilbur and Orville Wright accomplished a previously insurmountable task that would alter the course of humanity for the next century and beyond. On December 17, 1903, the Wright brothers took flight in their flying machine.
The dream to touch the sky was a dream no longer, and it was only a matter of time until the President of the United States grasped the import of the development. Nearly a decade after the Wright brothers took the first flight in human history, former President Theodore Roosevelt became the first President to ever fly.
At the time, Roosevelt had been out of office for over a year. At a county fair in St. Louis, Missouri in 1910, President Roosevelt was flown over the crowd. Although a rather inconspicuous occasion, this would be the historic first for presidential air travel. The brief trip was made in a Wright Flyer by Archibald Hoxsey, who himself worked for the Wright Brothers. The Wright Flyer is the comparatively primitive airplane the Wright Brothers designed to enable air travel. The first airplane was born of the Wright Brothers’ experimentation with gliders, which ultimately led them to attach a propulsion system.
After President Roosevelt’s flight, presidential aviation didn’t really pick up any momentum for over two decades. Although Theodore Roosevelt was the first president to ever take to the sky, it would be his distant cousin, Franklin Delano Roosevelt, who would be in office for the birth of presidential air travel as we know it today.
Cars
Nintendo Announces End Of Online Service For 3DS And Wii U Following eShop Shutdown

Nintendo 3DS and Wii U gamers will still be able to play offline games on their devices. Users will also be able to download update data and any software or DLC already purchased from the Nintendo eShop. However, it’s important to note that you cannot simply go and purchase the games you missed out on before the shutdown, as the online store ceased operations in March of this year.
A few services will remain functional after Nintendo completes its general online shutdown. StreetPass, the application that lets users communicate directly between devices, will remain available since it utilizes a local connection.
Additionally, the “Pokemon Bank” and “Poke Transporter” applications will retain their online functionalities. “Pokemon Bank,” made free earlier this year, allows users to store up to 3,000 Pokemon in an online bank. “Poke transporter” is a companion application to “Pokemon Bank” that allows users to transfer Pokemon from Gen 5 games and the Virtual Console versions of Gen 1 and 2 to their online inventory.
Although Nintendo is keeping these applications functional for now, it stated that they “may also end at some point in the future.” Many “Pokemon” fans are urging others to transfer their pocket monsters to the Switch’s “Pokemon Home” before it is too late.
-
Social1 year ago
Web.com website builder review
-
Social4 years ago
CrashPlan for Small Business Review
-
Gadgets5 years ago
A fictional Facebook Portal videochat with Mark Zuckerberg – TechCrunch
-
Cars5 years ago
What’s the best cloud storage for you?
-
Social5 years ago
iPhone XS priciest yet in South Korea
-
Mobile5 years ago
Memory raises $5M to bring AI to time tracking – TechCrunch
-
Security5 years ago
Google latest cloud to be Australian government certified
-
Social5 years ago
Apple’s new iPad Pro aims to keep enterprise momentum