Is your password easily guessable? Is it, oh, I don't know, maybe the name of the world-famous Paris museum you're trying to protect?
The brazen theft of more than $100 million in jewels from the world-famous Louvre on Oct. 19 captured the world's attention, for obvious reasons. As of Wednesday, French police have arrested seven suspects, but the jewels have not yet been recovered. Now reports show the Louvre has had security issues in the past, including one that wouldn't pass the most basic cybersecurity test: The museum's name itself, Louvre, may have been one of its passwords.
The French newspaper Libération reports that the French cybersecurity agency ANSSI audited the Louvre's security in 2014 and 2015. The museum failed badly.
One part of the audit described unguarded rooftop access. That's somewhat relevant today, since thieves reportedly used a truck-mounted electric ladder to reach a balcony and cut through window glass. Not quite the roof, but apparently equally unguarded.
The audit also said the museum's security software at the time was running on Windows Server 2003, which was set to lose support from Microsoft at that time, more than a decade ago.
Don't miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.
The Louvre's password was once 'Louvre'
One of the most significant flaws in the Louvre's cybersecurity was lazy password use. "Louvre" appeared to be the password to access the museum's video surveillance. One computer login password was "Thales," the name of the software developer, which we're guessing was visible on the login screen.
A representative for the Louvre didn't immediately respond to a request for comment.
While Libération's investigation indicated that many of the same problems remain, we don't know which issues the Louvre staff corrected in the decade since the audit. Perhaps the Louvre's current password is L0uvr31500$$ now or something even tougher to guess. M0n@ L1$@, maybe?
... continue reading