The Louvre's CCTV password was "Louvre"

https://twitter.com/trash_italiano/status/1985010735542591684

40•JustSkyfall•3mo ago

Comments

pwizzler•3mo ago

In fairness, French password requirements include one uppercase, one number, and three letters you don’t pronounce.

BLKNSLVR•3mo ago

"Hors d'oeuvre 69"

PlunderBunny•3mo ago

Bon!

viraptor•3mo ago

There's no link to that post and I can't find it in other ways. I'm really not sure if this is real. There's also no mention how they're accessible. If it's not accessible from public networks... who cares?

jabroni_salad•3mo ago

I think this is it: https://archive.is/l0web

Maybe one of the reasons the poster did not want to link the article is because the audit this finding is from was conducted 11 years ago.

acuozzo•3mo ago

> If it's not accessible from public networks... who cares?

Thieves, especially if there's a path to the room in which the cameras are accessed which is poorly covered by the camera distribution.

lurking_swe•3mo ago

This is security best practices 101 stuff. :) See the swiss cheese model, which applies here:

https://en.wikipedia.org/wiki/Swiss_cheese_model

It’s not smart to rely on a single point of failure to protect everything 100%. Maybe if you’re protecting home movies lol. But at the Louvre? Sheesh…

- What if the routers / modems have a security vulnerability?

- What if there’s (accidentally) an exposed ethernet cable somewhere in the museum that would let someone immediately access a private VLAN?

- What if someone breaks into the security room? either physically breaking the door down or stealing the keys to the room. That’s one of the first few passwords i’d guess as a thief.

viraptor•3mo ago

Nobody said anything about a single point of failure. Just that we need more context to figure out how important this is. Kind of like the zeros for the US nuclear weapons https://www.zmescience.com/other/offbeat-other/us-nuclear-la...

> What if someone breaks into the security room?

Normally a security / monitoring room has the cameras on the screen 24/7, so once you somehow get in and somehow there's nobody there and somehow nobody notices you breaking in... you just look at the screen.

lurking_swe•3mo ago

I agree it is hard to assess the impact just for that article alone.

Regarding the security room - sure the feed is live on the screen. That makes sense. But I would definitely expect more “admin” related features to require a login though. Like deleting footage, disabling a specific camera, etc.

alberth•3mo ago

CCTV have internet access?

Isn’t this suppose to be a “closed-circuit”.

arthurcolle•3mo ago

Closed Circuit maybe just Cloud Computing TV now haha

calimoro78•3mo ago

Still better than 'mot de passe' (password)

hulitu•3mo ago

> The Louvre's CCTV password was "Louvre"

Well, it is a "medium" password. Not "strong", not "weak", but "medium". It has 6 characters (instead of 8-11), it has big letters, small letters, the only thing missing being numbers and special signs. /s

Make security hard for users and the users will skip it entirely.

asdfwertertdsfg•2mo ago

I'd guess the rationale went something like "why are we protecting a camera system to a public museum, where anyone can see whatever is there by walking in"?

Of course, this also means we don't need Lester Crest to help us find out the vault contents (so no need to hack the security guard's phone for the wifi password either).

Show HN: Kokki – A "Dual-Core" System Prompt to Reduce LLM Hallucinations

Software Engineering Transformation 2026

Microsoft purges Win11 printer drivers, devices on borrowed time

Lunch with the FT: Tarek Mansour

Old Mexico and her lost provinces (1883)

'AI' is a dick move, redux

The source code was the moat. But not anymore

Does anyone else feel like their inbox has become their job?

An AI model that can read and diagnose a brain MRI in seconds

Dev with 5 of experience switched to Rails, what should I be careful about?

AlphaFace: High Fidelity and Real-Time Face Swapper Robust to Facial Pose

Scientists discover “levitating” time crystals that you can hold in your hand

Rammstein – Deutschland (C64 Cover, Real SID, 8-bit – 2019) [video]

Tell HN: Yet Another Round of Zendesk Spam

Postgres Message Queue (PGMQ)

Show HN: Django-rclone: Database and media backups for Django, powered by rclone

NY lawmakers proposed statewide data center moratorium

OpenClaw AI chatbots are running amok – these scientists are listening in

Show HN: AI agent forgets user preferences every session. This fixes it

Introduce the Vouch/Denouncement Contribution Model

Show HN: SSHcode – Always-On Claude Code/OpenCode over Tailscale and Hetzner

Microsoft appointed a quality czar. He has no direct reports and no budget

Multi-agent coordination on Claude Code: 8 production pain points and patterns

Washington Post CEO Will Lewis Steps Down After Stormy Tenure

DevXT – Building the Future with AI That Acts

A Minimal OpenClaw Built with the OpenCode SDK

The silent death of Good Code

The Internal Negotiation You Have When Your Heart Rate Gets Uncomfortable

Show HN: Glance – Fast CSV inspection for the terminal (SIMD-accelerated)

Busy for the Next Fifty to Sixty Bud