The Louvre's CCTV password was "Louvre"
twitter.comI'd guess the rationale went something like "why are we protecting a camera system to a public museum, where anyone can see whatever is there by walking in"?
Of course, this also means we don't need Lester Crest to help us find out the vault contents (so no need to hack the security guard's phone for the wifi password either).
CCTV have internet access?
Isn’t this suppose to be a “closed-circuit”.
Closed Circuit maybe just Cloud Computing TV now haha
There's no link to that post and I can't find it in other ways. I'm really not sure if this is real. There's also no mention how they're accessible. If it's not accessible from public networks... who cares?
I think this is it: https://archive.is/l0web
Maybe one of the reasons the poster did not want to link the article is because the audit this finding is from was conducted 11 years ago.
This is security best practices 101 stuff. :) See the swiss cheese model, which applies here:
https://en.wikipedia.org/wiki/Swiss_cheese_model
It’s not smart to rely on a single point of failure to protect everything 100%. Maybe if you’re protecting home movies lol. But at the Louvre? Sheesh…
- What if the routers / modems have a security vulnerability?
- What if there’s (accidentally) an exposed ethernet cable somewhere in the museum that would let someone immediately access a private VLAN?
- What if someone breaks into the security room? either physically breaking the door down or stealing the keys to the room. That’s one of the first few passwords i’d guess as a thief.
Nobody said anything about a single point of failure. Just that we need more context to figure out how important this is. Kind of like the zeros for the US nuclear weapons https://www.zmescience.com/other/offbeat-other/us-nuclear-la...
> What if someone breaks into the security room?
Normally a security / monitoring room has the cameras on the screen 24/7, so once you somehow get in and somehow there's nobody there and somehow nobody notices you breaking in... you just look at the screen.
I agree it is hard to assess the impact just for that article alone.
Regarding the security room - sure the feed is live on the screen. That makes sense. But I would definitely expect more “admin” related features to require a login though. Like deleting footage, disabling a specific camera, etc.
> If it's not accessible from public networks... who cares?
Thieves, especially if there's a path to the room in which the cameras are accessed which is poorly covered by the camera distribution.
Still better than 'mot de passe' (password)
> The Louvre's CCTV password was "Louvre"
Well, it is a "medium" password. Not "strong", not "weak", but "medium". It has 6 characters (instead of 8-11), it has big letters, small letters, the only thing missing being numbers and special signs. /s
Make security hard for users and the users will skip it entirely.
In fairness, French password requirements include one uppercase, one number, and three letters you don’t pronounce.
"Hors d'oeuvre 69"
Bon!