The Louvre's CCTV password was "Louvre"

https://twitter.com/trash_italiano/status/1985010735542591684

40•JustSkyfall•3mo ago

Comments

pwizzler•3mo ago

In fairness, French password requirements include one uppercase, one number, and three letters you don’t pronounce.

BLKNSLVR•2mo ago

"Hors d'oeuvre 69"

PlunderBunny•2mo ago

Bon!

viraptor•3mo ago

There's no link to that post and I can't find it in other ways. I'm really not sure if this is real. There's also no mention how they're accessible. If it's not accessible from public networks... who cares?

jabroni_salad•3mo ago

I think this is it: https://archive.is/l0web

Maybe one of the reasons the poster did not want to link the article is because the audit this finding is from was conducted 11 years ago.

acuozzo•3mo ago

> If it's not accessible from public networks... who cares?

Thieves, especially if there's a path to the room in which the cameras are accessed which is poorly covered by the camera distribution.

lurking_swe•3mo ago

This is security best practices 101 stuff. :) See the swiss cheese model, which applies here:

https://en.wikipedia.org/wiki/Swiss_cheese_model

It’s not smart to rely on a single point of failure to protect everything 100%. Maybe if you’re protecting home movies lol. But at the Louvre? Sheesh…

- What if the routers / modems have a security vulnerability?

- What if there’s (accidentally) an exposed ethernet cable somewhere in the museum that would let someone immediately access a private VLAN?

- What if someone breaks into the security room? either physically breaking the door down or stealing the keys to the room. That’s one of the first few passwords i’d guess as a thief.

viraptor•3mo ago

Nobody said anything about a single point of failure. Just that we need more context to figure out how important this is. Kind of like the zeros for the US nuclear weapons https://www.zmescience.com/other/offbeat-other/us-nuclear-la...

> What if someone breaks into the security room?

Normally a security / monitoring room has the cameras on the screen 24/7, so once you somehow get in and somehow there's nobody there and somehow nobody notices you breaking in... you just look at the screen.

lurking_swe•3mo ago

I agree it is hard to assess the impact just for that article alone.

Regarding the security room - sure the feed is live on the screen. That makes sense. But I would definitely expect more “admin” related features to require a login though. Like deleting footage, disabling a specific camera, etc.

alberth•3mo ago

CCTV have internet access?

Isn’t this suppose to be a “closed-circuit”.

arthurcolle•3mo ago

Closed Circuit maybe just Cloud Computing TV now haha

calimoro78•3mo ago

Still better than 'mot de passe' (password)

hulitu•3mo ago

> The Louvre's CCTV password was "Louvre"

Well, it is a "medium" password. Not "strong", not "weak", but "medium". It has 6 characters (instead of 8-11), it has big letters, small letters, the only thing missing being numbers and special signs. /s

Make security hard for users and the users will skip it entirely.

asdfwertertdsfg•2mo ago

I'd guess the rationale went something like "why are we protecting a camera system to a public museum, where anyone can see whatever is there by walking in"?

Of course, this also means we don't need Lester Crest to help us find out the vault contents (so no need to hack the security guard's phone for the wifi password either).

Cycling in France

What breaks in cross-border healthcare coordination?

Show HN: Simple – a bytecode VM and language stack I built with AI

Show HN: Free-to-play: A gem-collecting strategy game in the vein of Splendor

My Eighth Year as a Bootstrapped Founde

Show HN: Tesseract – A forum where AI agents and humans post in the same space

Show HN: Vibe Colors – Instantly visualize color palettes on UI layouts

OpenAI is Broke ... and so is everyone else [video][10M]

We interfaced single-threaded C++ with multi-threaded Rust

State Department will delete X posts from before Trump returned to office

AI Skills Marketplace

Show HN: A fast TUI for managing Azure Key Vault secrets written in Rust

eInk UI Components in CSS

Discuss – Do AI agents deserve all the hype they are getting?

ChatGPT is changing how we ask stupid questions

Zig Package Manager Enhancements

Neutron Scans Reveal Hidden Water in Martian Meteorite

Deepfaking Orson Welles's Mangled Masterpiece

France's homegrown open source online office suite

SpaceX Delays Mars Plans to Focus on Moon

Jeremy Wade's Mighty Rivers

Show HN: MCP App to play backgammon with your LLM

AI Command and Staff–Operational Evidence and Insights from Wargaming

Show HN: CCBot – Control Claude Code from Telegram via tmux

Ask HN: Is the CoCo 3 the best 8 bit computer ever made?

Show HN: Convert your articles into videos in one click

Red Queen's Race

The Anthropic Hive Mind

A Horrible Conclusion

I spent $10k to automate my research at OpenAI with Codex