Louvre cybersecurity an absolute mess, secret audits reveal
Briefly

"Experts who tested the resilience of Louvre computer systems found them easy to break into by relying on the easily-guessable passwords, and were able to gain access to other supposedly secure systems after using those passwords. Pen-testers were reportedly also able to gain access to a system used to control access badges at the Louvre and modify access rights for individual badges."
"A second audit, conducted in 2017, found similar problems, including the continued presence of Windows 2000 and Windows XP systems on the Louvre network long after Microsoft stopped supporting and providing security updates for the products. A later writeup from this past summer found that the software managing video surveillance was not only outdated, but running on a Windows Server 2003 machine."
Security audits from the Louvre going back to 2014 reveal a decade-long pattern of poor information security. Basic failures included easily guessable passwords such as "LOUVRE" for a video surveillance server and "THALES" for a vendor platform. Penetration testers gained access to multiple systems and were able to alter badge access rights, with attacks feasible from outside the museum once network access was obtained. Follow-up audits in 2017 and later found legacy Windows 2000, XP, and Server 2003 systems still in use and security updates absent. Remediation status remains unclear and museum management declined to comment.
Read at Theregister