Re: Does there need to be an obligation to "encrypt" ?
It is very easy to throw bricks through windows here. What we really need is an expert to define some things....
..what encryption ? algorithm?, key length? protocols?
..and implementations that would actually use of the data that is encrypted ? - user access controls? key management security? multi-user access (in a world of web many users per one application is common you know)...
Just saying.
I am not defending Talk Talk as I do not know the full attack vector.
However,
Is it the drivers fault if the car manufacturer allowed a faulty batch of emissions control modules to be installed ?
Biting the hand that feeds IT
