Re: Hoping for help from politicians ...
@ trydk: That call for stricter IT security laws sounds good, but won't help very much. Such legislation might cause tiny startups to improve their IoT product's password protection from "hilarious" or "none" to "very basic", but that does not solve the much wider and much older fundamental problems in IT security.
We run IT infrastructure that is utterly vulnerable, offering myriads of holes making nasty attacks like WannaCry possible. When taken to court, Microsoft will certainly be able to prove that they are doing the best they can and are not neglecting their duties. In the WannaCry example, they had published a related Windows patch two months before the malware outbreak.
Other cases are even more difficult; it will often be hard to determine who should be held responsible at all - like in the Heartbleed case, which was caused by a bug in Open Source code.
Who is to blame for the fact that practically all of our IT gear is based on the vulnerable Von Neumann computer architecture? In contrast, the Harvard architecture features solid separation between data and code, thus providing much better protection. But can vendors be sued for not investing many billions into something entirely different that would be extremely hard to bring to market?
Legislation can help to create awareness, as shown in the GDPR case (it will take some time until the positive effects will prevail over the initial difficulties). However, politicians and lawyers cannot fix fundamental shortcomings in technology.