The IBM researcher, Tom Cross, notified Cisco of the issues back in December, and recommends revisions to the standard that will ensure that it is more secure by default. That might be helpful, but it still wouldn't deal with the problems posed by unpatched systems—Cross himself apparently recognizes that network administrators can be hesitant to risk the disruption of service that may come with updating major pieces of equipment.

Tom is on Ars Technica Today. Go Tom!