" Ok, I am aware of how it works, but I'm not talking pentests or hardening. I'm talking simple, cheap design choices in this case, that could've eliminated the whole Mirai debauchery."
Then you are not talking about the security industry or its failure to work, are you? It's a failure in the development industry to have basic security awareness.
If you don't engage the security industry for pentests or consulting, you can't go and blame them when you get hacked.
>It's a failure in the development industry to have basic security awareness. //
Is that really it? Surely even a high-school level developer will realise that having a device connected to the wild web with a default user:pass will be hacked easily.
I'd have thought the problem is not wanting to support customer calls saying "we changed the password and now can't access our device". So default user:pass and no prompt to change it (and a backdoor just in case) means lower support costs.