[167787] in North American Network Operators' Group
Re: NSA able to compromise Cisco, Juniper, Huawei switches
daemon@ATHENA.MIT.EDU (shawn wilson)
Mon Dec 30 08:24:44 2013
In-Reply-To: <CALFTrnNzUUzPf_Lmu8+fLcddpK9-Pknx89AfXcX--VN6d3u0sQ@mail.gmail.com>
From: shawn wilson <ag4ve.us@gmail.com>
Date: Mon, 30 Dec 2013 08:24:01 -0500
To: Ray Soucy <rps@maine.edu>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, Dec 30, 2013 at 8:07 AM, Ray Soucy <rps@maine.edu> wrote:
>
> I hope Cisco, Juniper, and others respond quickly with updated images for
> all platforms affected before the details leak.

So, if this plays out nice (if true, it won't), the fix will come
months before the disclosure. Think, if you're leasing a router from
your ISP, you might not have the ability to update it (or might
violate your contract). So, you need to wait for [manufacturer] to
update, test, and release an update, then you need to work with your
provider to make sure the update gets pushed correctly.

Also, even open hardware isn't completely open - see the Pi - probably
the most open of hardware stacks. The CPU isn't completely open. Also,
see FreeBSD not using hardware PRNG for this reason.