• Optional@lemmy.world
    5 hours ago

    IT: We need a full audit, a department of people to run patches and tests, and everyone gets off of Windows immediately.

    Director: Well we can’t hire anyone but if you want we’ll let you upgrade everyone’s system to Windows 11. They’ll probably be mad about it, but it’s all we can do right now. Hey it’s got AI now! You like that, right?

    Rinse/repeat.

  • Frezik@lemmy.blahaj.zone
    6 hours ago

    As a quick test, I asked my wife to guess their password. They’re technically minded but not an IT expert.

    They got it on the third try. First two were “Password” and “Abc123”, which are not bad guesses, either.

    • SaveTheTuaHawk@lemmy.ca
      3 hours ago

      when you have two hour breaks for lunch and kiss everyone like you haven’t seen them in 30 years, ya got no time pour le password.

      Trump’s nuclear football code was 0-0-0-0.

    • Frezik@lemmy.blahaj.zone
      6 hours ago

      Not quite that, but it was basically a test of “you can do anything if you wear a hi-vis vest and a hard hat”.

      • BarneyPiccolo@lemmy.today
        3 hours ago

        An embroidered logo polo shirt, khakis, a lanyard with a laminated pass, and a clipboard can get you pretty far. Get one of those plastic ones that open up to hold papers, and put some stickers on it, then tear the corners off a couple. Carry a clicky pen, and click it a lot. Have a fresh haircut. Nobody wants to talk to that guy.

    • Komodo Rodeo@lemmy.world
      8 hours ago

      distracts French guards by surreptitiously dropping wheel of cheese and pack of cigarettes on floor

      • nocturne@slrpnk.net
        8 hours ago

        I heard one of the thieves mispronounced croissant and it distracted all of the guards so the rest of the team could do the heist.

        • StinkyFingerItchyBum@lemmy.ca
          3 hours ago

          I heard the thieves strategically placed an American snack platter with grapes, cheese, crackers and cold cuts with a sign that read “Charcuterie” and all the guards called for backup to correct the senseless offenders.

          • SaveTheTuaHawk@lemmy.ca
            3 hours ago

            “…I unclog my nose in your direction, sons of a window-dresser! So, you think you could out-clever us French folk with your silly, knees-bent, running about, advancing behavior! I’ll wave my private parts at your aunties you… cheesy leather, second-hand, electric donkey bottom biters!”

            “I burst my pimples at you and call your door-opening request a silly ting! You… tiny-brained wipers of other people’s bottoms!”

  • Auli@lemmy.ca
    5 hours ago

    I can confidently say this is more common than you would realize.

  • Komodo Rodeo@lemmy.world
    7 hours ago

    Speaking as someone who’s worked contracts in secure facilities, I can say from experience that no one working in a place like this is even mildly surprised. The extent to which ‘learned blindness’ is applied should worry people still assuming that vaunted organizations or even government facilities are protected by strong security policies instead of mostly by the base restriction of non-authorized personnel from work areas.

    Not naming names, but if your org doesn’t use the classic Admin & Password defaults, and forces you to renew your terminal passwords on a regular basis, don’t write it down on a Post It and stick it to your fucking monitor where anyone walking past can see. The sheer scale of the incompetence here is galling, in that teenagers have a better sense for passwords than the Louvre security & tech team apparently.

    Edit: spaced and omitted part of sentence structure

    • FooBarrington@lemmy.world
      7 hours ago

      Not naming names, but if your org doesn’t use the classic Admin & Password defaults, and forces you to renew your terminal passwords on a regular basis, don’t write it down on a Post It and stick it to your fucking monitor where anyone walking past can see.

      Got it. I’ll write it down on a Post It, take a photo, and will make that my desktop background instead.

    • CubitOom@infosec.pub
      9 hours ago

      Classic mistake, what you do is create a Python script that will search the internet for art Museums in Paris, then you parse them to compile a list and then try them each one by one.

    • StinkyFingerItchyBum@lemmy.ca
      6 hours ago

      L.u.v.e.r - access denied - “shit”

      L.o.u.v.i.r. - access denied - “shit shit”

      L.a.u.p.e.r - access denied - you have three attempts remaining - “Oh mon shiiiiit!”

      ****** - access denied - shiiiiit

      H.u.n.t.e.r.2 - access denied - holy shiit!

      O.v.e.r.r.i.d.e - administrator access granted.

  • celeste@kbin.earth
    8 hours ago

    Mentioned this to my elderly father and he said “I could do better than that.” He’s a master of security compared to that.