ScreenOS uses Dual EC in a strange, non-standard way. Rather than generating all of their random numbers with Dual EC (which would be slow), they only use Dual EC to generate a seed for a fast 3DES-based generator called ANSI X9.17. Since that generator is actually FIPS-140 approved and generally believed to be sufficient to the purpose, it's not clear what value Dual EC is really adding to the system in the first place -- except, of course, its usefulness as a potential backdoor.
The good news here is that the post-processing by ANSI X9.17 should kill the Dual EC backdoor, since the attack relies on the attacker seeing raw output from Dual EC. The ANSI generator appears to completely obfuscate this output, thus rendering Dual EC "safe". This is indeed the argument Juniper made in 2013 when it decided to leave the Dual EC code in ScreenOS.
So, seeing as they are becoming competitors, when will Spotify disappear from the Apple App Store?
Has Apple ever removed a major competitor's app from the store? After it was approved?
Hire competent programmers or hire cheap programmers and install a database firewall instead. Some companies are going to opt for the cheap programmers.
Other than that, I guess you could use the database firewall if you have an old legacy system of questionable quality.
Just remember to start counting from the day the bug was reported and not from today.
Apple is dropping MacOS's support for PPC later this year, but you can still get Safari 4 for PPC today. Microsoft never even made Silverlight 2 for PPC.
And it's not that I mind; I've never encountered a site requiring Silverlight in my daily surfing, and if I did I'd just go somewhere else instead of reaching for my MacBook Pro. I'm just saying that Flash beats Silverlight when it comes to platform support.
Work continues in this area. -- DEC's SPR-Answering-Automaton