Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No, your reasoning is a common fallacy: assuming that A and B are independent probabalistic events.

Attackers are not earthquakes.

If we assume that both NSA and Huawei are intelligent actors (spare us the jokes please) and that both NSA and Huawei have the option of abusing a certain power, then

    P(I get pwned) = P(NSA wants to pwn me) + P(Huawei wants to pwn me) + P(other)
Either NSA or Huawei can pwn you with this power, or both. Even if they both elect not to it's still possible someone else can and will.


Sorry, no,

P(A) >= P(A n B)

Always holds whether or not A and B are independent. A contains (A n B) therefore is always bigger.

The assumption being made is that the NSA can't abuse the Huawei access without Huawei being complicit. I.e. if NSA pwn me, Huawei gave them access, so actually it's the NSA and Huawei pwning me together.

P(NSA pwn me) = P(NSA pwn me because Huawei pwned me and gave them access) <= P(Huawei pwn me)


> P(A) >= P(A n B) Always holds whether or not A and B are independent

Yeah.

> The assumption being made is that the NSA can't abuse the Huawei access without Huawei being complicit.

I didn't understand that. That seems like a ridiculous assumption.


The article is about the possibility that the NSA could be bribing Huawei engineers or infiltrating Huawei with spies. Either way, it requires Huawei employees to be complicit, and for the Huawei support infrastructure to be compromised.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: