huawei

• Previous message (by thread): huawei
• Next message (by thread): huawei
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 13, 2013 at 03:55:24PM -0700, Adrian wrote:
> Extraordinary claims require extra ordinary proof.

Thanks for the pointers; most enlightening.  (And I say that even
before coffee has taken full effect.  I'll re-read once it has.)

However, and perhaps I should have explained this in my original message,
whether or not this was an oops! of leftover debugging, whether or not
the Chinese actually did this, whether or not the chip meets military
operational temperature requirements, etc., are all secondary to the
point I was (poorly) trying to make.  Let me try again.

(1) There is often a presumption, when, let's say, a particularly
sophisticated piece of malware is analyzed, or a large botnet is detected,
or a security hole is uncovered in a piece of software, that it's the
worst one -- because it's the worst one *publicly known to date*.

But that's wishful thinking.  There's probably a nastier piece of malware
out there.  There's probably a larger botnet.  There's probably a bigger
security hole in that piece of software.  Whatever the severity
distribution of these is (and I don't think that's knowable) it would
be amazing if we just happened to hit on the one that's at the extreme
end of the curve.

Reality is usually not that convenient.

Thus however bad these things are, and we can certainly debate that (and
we have) (and we will), there's probably something worse that we're not
debating because we don't know about it.

(2) As Bruce Schneier has observed, attacks always get better.  So even
if, against the odds, we happen to be lucky enough to be looking at 
something that really, really is at the far end of the severity
distribution -- tomorrow there will be something worse.

---rsk

• Previous message (by thread): huawei
• Next message (by thread): huawei
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]