@dangoodin @SteveBellovin I've spent many an hour in the corner, often deservedly.I think the greater issue here is not the use of an algorithm that is know to be vulnerable but rather that we have too often used the "crunchy on the outside, soft on the inside" model of security rather than building layers of protection and adherence to the principle of "least privilege".Microsoft may well be culpable for not keeping up with the often staggering rate of change of security risks, methods, and algorithms.But what is the standard that we use to measure that culpability? Are we to go to a strict product-liability standard? (i.e. they made it, they are liable, no excuses - essentially an insurance system.)I bring up self driving vehicles as an example of the fuzziness of the standards. We want to encourage innovation but we also want to block crazed deployment such as Tesla's "full self driving" representations. The real question is who bears the risk and costs of the damage?
D
