"old internet stuff wasn't made with security in mind"
no, measures were taken against then known threats with then known possible mitigations
it's usually framed like people in the 1980s were extremely naive but I think that misses it
@eloy I don't think that captures it fully either - there were also a lot of known mitigations against known threats that simply weren't implemented for business-related reasons, even though they *could* have been (capability security would be one example).
@joepie91 @eloy if find it more peculiar when big tech that should know better, not even implemented basic 1990s era security precautions
Looking specifically at Cisco ACI on 9k switches. Ref https://ernw.de/en/whitepapers/issue-68.html everything running as root
@joepie91 yeah true