NSA able to compromise Cisco, Juniper, Huawei switches

shawn wilson ag4ve.us at gmail.com
Mon Dec 30 13:24:01 UTC 2013

On Mon, Dec 30, 2013 at 8:07 AM, Ray Soucy <rps at maine.edu> wrote:

> I hope Cisco, Juniper, and others respond quickly with updated images for
> all platforms affected before the details leak.

So, if this plays out nice (if true, it won't), the fix will come
months before the disclosure. Think, if you're leasing a router from
your ISP, you might not have the ability to update it (or might
violate your contract). So, you need to wait for [manufacturer] to
update, test, and release an update, then you need to work with your
provider to make sure the update gets pushed correctly.

Also, even open hardware isn't completely open - see the Pi - probably
the most open of hardware stacks. The CPU isn't completely open. Also,
see FreeBSD not using hardware PRNG for this reason.

More information about the NANOG mailing list