The Louvre's CCTV password was "Louvre"

https://twitter.com/trash_italiano/status/1985010735542591684

40•JustSkyfall•3mo ago

Comments

pwizzler•3mo ago

In fairness, French password requirements include one uppercase, one number, and three letters you don’t pronounce.

BLKNSLVR•2mo ago

"Hors d'oeuvre 69"

PlunderBunny•2mo ago

Bon!

viraptor•3mo ago

There's no link to that post and I can't find it in other ways. I'm really not sure if this is real. There's also no mention how they're accessible. If it's not accessible from public networks... who cares?

jabroni_salad•3mo ago

I think this is it: https://archive.is/l0web

Maybe one of the reasons the poster did not want to link the article is because the audit this finding is from was conducted 11 years ago.

acuozzo•3mo ago

> If it's not accessible from public networks... who cares?

Thieves, especially if there's a path to the room in which the cameras are accessed which is poorly covered by the camera distribution.

lurking_swe•3mo ago

This is security best practices 101 stuff. :) See the swiss cheese model, which applies here:

https://en.wikipedia.org/wiki/Swiss_cheese_model

It’s not smart to rely on a single point of failure to protect everything 100%. Maybe if you’re protecting home movies lol. But at the Louvre? Sheesh…

- What if the routers / modems have a security vulnerability?

- What if there’s (accidentally) an exposed ethernet cable somewhere in the museum that would let someone immediately access a private VLAN?

- What if someone breaks into the security room? either physically breaking the door down or stealing the keys to the room. That’s one of the first few passwords i’d guess as a thief.

viraptor•3mo ago

Nobody said anything about a single point of failure. Just that we need more context to figure out how important this is. Kind of like the zeros for the US nuclear weapons https://www.zmescience.com/other/offbeat-other/us-nuclear-la...

> What if someone breaks into the security room?

Normally a security / monitoring room has the cameras on the screen 24/7, so once you somehow get in and somehow there's nobody there and somehow nobody notices you breaking in... you just look at the screen.

lurking_swe•3mo ago

I agree it is hard to assess the impact just for that article alone.

Regarding the security room - sure the feed is live on the screen. That makes sense. But I would definitely expect more “admin” related features to require a login though. Like deleting footage, disabling a specific camera, etc.

alberth•3mo ago

CCTV have internet access?

Isn’t this suppose to be a “closed-circuit”.

arthurcolle•3mo ago

Closed Circuit maybe just Cloud Computing TV now haha

calimoro78•3mo ago

Still better than 'mot de passe' (password)

hulitu•3mo ago

> The Louvre's CCTV password was "Louvre"

Well, it is a "medium" password. Not "strong", not "weak", but "medium". It has 6 characters (instead of 8-11), it has big letters, small letters, the only thing missing being numbers and special signs. /s

Make security hard for users and the users will skip it entirely.

asdfwertertdsfg•2mo ago

I'd guess the rationale went something like "why are we protecting a camera system to a public museum, where anyone can see whatever is there by walking in"?

Of course, this also means we don't need Lester Crest to help us find out the vault contents (so no need to hack the security guard's phone for the wifi password either).

Big Tech vs. OpenClaw

Anofox Forecast

Ask HN: How do you figure out where data lives across 100 microservices?

Motus: A Unified Latent Action World Model

Rotten Tomatoes Desperately Claims 'Impossible' Rating for 'Melania' Is Real

The protein denitrosylase SCoR2 regulates lipogenesis and fat storage [pdf]

Los Alamos Primer

NewASM Virtual Machine

Terminal-Bench 2.0 Leaderboard

I vibe coded a BBS bank with a real working ledger

The Path to Mojo 1.0

Show HN: I'm 75, building an OSS Virtual Protest Protocol for digital activism

Show HN: I built Divvy to split restaurant bills from a photo

Hot Reloading in Rust? Subsecond and Dioxus to the Rescue

Skim – vibe review your PRs

Show HN: Open-source AI assistant for interview reasoning

Tech Edge: A Living Playbook for America's Technology Long Game

Golden Cross vs. Death Cross: Crypto Trading Guide

Hoot: Scheme on WebAssembly

What the longevity experts don't tell you

Monzo wrongly denied refunds to fraud and scam victims

They were drawn to Korea with dreams of K-pop stardom – but then let down

Show HN: AI-Powered Merchant Intelligence

Bash parallel tasks and error handling

Let's compile Quake like it's 1997

Reverse Engineering Medium.com's Editor: How Copy, Paste, and Images Work

Go 1.22, SQLite, and Next.js: The "Boring" Back End

Laibach the Whistleblowers [video]

Slop News - The Front Page right now but it's only Slop

Economists vs. Technologists on AI