On Mon, Dec 30, 2013 at 8:07 AM, Ray Soucy <rps@maine.edu> wrote:
I hope Cisco, Juniper, and others respond quickly with updated images for all platforms affected before the details leak.
So, if this plays out nice (if true, it won't), the fix will come months before the disclosure. Think, if you're leasing a router from your ISP, you might not have the ability to update it (or might violate your contract). So, you need to wait for [manufacturer] to update, test, and release an update, then you need to work with your provider to make sure the update gets pushed correctly. Also, even open hardware isn't completely open - see the Pi - probably the most open of hardware stacks. The CPU isn't completely open. Also, see FreeBSD not using hardware PRNG for this reason.