Re: Advisory Update: ServerIron TCP/IP predictability fixed

[adam () ALGROUP CO UK (Adam Laurie)]

Andrew van der Stock said:
> Foundry acted quickly after the bugtraq posting, and will be revising all
> affected Foundry products in the near future. For Foundry ServerIron owners,
> there is a new firmware image, 6.0.03, which fixes a small number of other
> bugs which are definitely worth the upgrade. Please see the Foundry support
> web site for the release notes and to grab a copy of the new firmware image.
> This firmware revision also has support for the new native sshd
> implementation add-on. ssh support in a router is an excellent security
> feature, and one I hope the other network vendors take careful note of.

Although they acted quickly, this isn't the universal panacea it at
first appears to be...

First off, you can only get the update if you have a support contract,
have bought your switch in the last three months, or buy a new support
contract. For money.

Secondly, the ssh stuff doesn't provide any functionality until you give
them even more money.

As I had just bought a switch, I was able to obtain the update for free,
but I wonder how many people will accept the concept of paying to have a
security hole fixed???

cheers,
Adam

--
Adam Laurie                   Tel: +44 (181) 742 0755
A.L. Digital Ltd.             Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam () algroup co uk
UNITED KINGDOM                PGP key on keyservers