If you bumped into me on the street, you would probably not guess that I am a cyber security professional. I am, one might say, well-seasoned. Given my history of chasing bad actors who were attacking my mainframe, some may wonder if I have the skills necessary for such a bleeding edge profession (one CEO asked me exactly that). While I can certainly make that case effectively, there are many times my knowledge of the \u201colden days\u201d comes in very handy.Case in point: some years ago I was re-engineering the transaction system for a credit bureau. When I started, they were running black-box servers with custom DOS-based software. I had finished an 18-month project to replace everything with systems and software from the current century, and we had successfully gone live. Unfortunately, our largest client, still using modems to communicate for many of its locations, was complaining of connectivity issues. When the development team could not identify the issue, I jumped in.I remember sitting in the break room late one night talking to the communications developer about how he wrote his software. He was only a couple of years out of one of the top engineering schools in the country. I asked him about how he was handshaking with the modems.\u00a0 When he responded with a blank stare, I knew the problem.\u00a0 Having never worked with a modem in his life, he had no idea how to properly interface with them.\u00a0 Once I showed him, we had the system modified, testing, and operating properly in 30 minutes.You might think knowing how to work with modems is not particularly useful for 2018. Consider, however, the recent discovery of a vulnerability in some Android devices, allowing someone with physical device access to interact with many of the basic phone functions. It seems the implementation of phone controls in these very modern devices is based on the old Hayes modem command set. Since nobody has learned about this commend set in years, it took a fellow relic to discover the vulnerability.The fact is, much of our modern technology has its roots in systems that were in use many years ago.\u00a0And in certain industries, including healthcare, utilities and manufacturing, those original systems are still in use. In order for a cyber security professional today to fully understand the risks and how to address them, it helps to have a foundation in the old fundamentals.Here are four examples of older technologies that are still plaguing the information security world:FaxsploitAs I discussed in 5 cyber security basics you can't afford to ignore, Faxsploit allows a bad actor to access and exfiltrate data using only a fax line connected to multi-function printer, HP in this case. The problem is that the driver software for the fax port is ancient.\u00a0 It has not changed significantly in 15 years. On the other hand, newer network connectivity software has been added, with nobody stopping to think about its interaction with the fax software.HeartbleedHeartbleed, which was first reported in 2014, allowed clear text data to be obtained from SSL encrypted web sites. It is believed to have affected at least one third of all web sites at the time, and is considered one of the most serious sever vulnerabilities of all time. It was likely exploitable long before 2014, but was not discovered and reported until then.Social engineeringI suspect many people think social engineering is a recent phenomenon, but this could not be further from the truth.\u00a0 In the early days of phone hacking, people crawled around in dumpsters looking for discarded manuals to help them understand the inner workings of the phone systems of the day.\u00a0 These dives were often followed by phone calls to technical folks, under some pretense, to get additional information.\u00a0 Together, this information allowed hackers, known as "phone phreaks," to build devices allowing them to obtain free long distance.\u00a0 This practice got its start in the 1950s, peaking in the late 1960s.Today, dumpster diving is still a common practice, as is posing as someone you're not and using some pretense to obtain information.Cross-site scriptingIn 2007, cross-site scripting (XSS), which allows a bad actor to inject code into a user's browser session, was added to the OWASP Top 10 Vulnerabilities list.\u00a0 It has never gone away.\u00a0 This vulnerability can still be found on many web sites, and is actively being exploited by bad actors.The bottom lineAs I noted above, everything old is new again, and this certainly applies to cyber security.\u00a0 Many of the attack strategies used and vulnerabilities exploited today have their roots in what happened many years ago.\u00a0 You are well served if you understand these roots, and if you keep a few of us relics around to help with that perspective.