Oh dear oh dear.
To save the embarrassment of TV5MONDE I have attempted to write the following story in Franglais, so only people with a loose understanding of the French language will be able to laugh at the TV station’s ineptitude.
Malheureusement, le TV station Francaise TV5MONDE qui était hacked dernière semaine has had un autre grande cock-up.
Dans un interview avec TV5MONDE journaliste David Delos about le hack, vous can see les mots de passe (passwords en Anglais) de les accounts de social medias de TV5MONDE.
Une énorme faux pas, n’est pas?
Oui. Le YouTube password de TV5MONDE est “lemotdepassedeyoutube”, qui en Anglais est “the password of YouTube”.
Je wonder que les passwords pour Instagram and Twitter might be?
Un autre password faux pas was seemingly accidentellement made public dans un news report de le TV5MONDE hack by le news gare BFMTV:
Chapeau-tip: Ars Technica.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
5 comments on “Station de télévision exposé its own passwords on l’air. A Franglais report”
"so only people with a loose understanding of the French language will be able to laugh at the TV station's ineptitude."
Where is the fun in that ? Thankfully you solved the problem with that handy hyperlink. Which I appreciate because laughter is therapy, is it not ? While they have a horrible policy in place (if they didn't fix it by now … suggestions below for them!) they're not alone by any means. I suppose that makes it a lot better, at least for those who wish to abuse the fact (and it does allow for laziness, admittedly, and who doesn't like being lazy ?). As for those doing similar (even if laughing at the specific examples), hopefully you'll take this as an opportunity to improve things. The following steps could (but 'probably' shouldn't) be followed (shouldn't be followed literally, that is for sure), for example. If you don't speak gobbledegook, you might just want to fix your mistakes (but interestingly, and quite ironically, some of the logic below does work until you analyse it further) and ignore the below (perhaps that is best in any case) (although it is a good example of things not to do). Choose your poison.
1. Save the passwords in a file on your computer (tip: prefer world-readable access, and make sure you have a guest account, so that in the case you forget the password – and forgot to store it elsewhere, such as the next step – you can still discover it with a little extra work) in a plain text file, instead. Label it PASSWD.LST (file name in all caps because it is easier to see and in any case, PASSWORD123 is the same thing as password123 – much like 123ABC being equal to 123abc – so it doesn't make a difference).
2. When you have a visible list just make sure you have a fake list on top of the real list (you can still keep the real list though since it is now covered; notice that if they did this their passwords wouldn't have been leaked on a video). (Realistically this is better if you're going to have a list like this, but you shouldn't do that.)
3. Alternatively just change your password daily. A possible method is the two digit day of the month and the month name (example 11april), or the day of the year (and if you want a little extra protection include this year or better yet yesteryear or next year). Hint: depending on location, today is 101 (which is easy to remember because this is 'bad password advice 101') or 102.
I'll err on the side of caution and say 1 and 2 (combined: 1 + 2 = 3) are easier to implement than 3 alone but 3 is likely an equally as strong policy (of course 1 + 2 + 3 = 6 > 3 so all three is best). Either way, taking these steps would improve things, wouldn't they ? I'm fairly sure they're safer and more secure because they're not in plain sight (assuming you covered the real list); certainly it isn't as obvious as what this TV station did. Even better is that there are additional layers of protection (literally and figuratively) and that is actually a good thing (just not in this way).
Then again… perhaps instead you should just fix your mistakes immediately, without fail, and immediately means now, not later. I think that's better, although no relevant party would be reading this (admittedly I can understand that if you consider the utter nonsense above!) but if they do hopefully they take it as what not to do (minus the part about correcting any mistakes).
I like how you proved the strength of your proposal by adding up the numbers you used to list your points as a means of weighing them against themselves individually…
To be honest I didn't think anyone would appreciate my thoughts there, even though some of the logic works initially (and indeed that was the idea with weighing the strengths of the methods). Thanks for proving me wrong. Yes, I had amusing ideas (but it must be said that almost everything is amusing to me) but obviously none of it was meant to be serious, at least not literally (with perhaps the last paragraph). I'm glad that at least someone – anonymous as they might be – found it of some interest (however preposterous my suggestions were).
Je m'incline de rire Mr Graham.
tres amusant, merci mon brave