Out of date software leaves you vulnerable
Canonical
on 23 March 2017
Tags: Cloud security , iot security , nextcloud
Two weeks ago, Der Spiegel wrote an article highlighting that out of date software on private clouds was leaving government and political party information vulnerable to being hacked. Given that political organisations being targeted is currently such a hot topic, it is somewhat of a surprise how widespread this issue appears to be. After discovering the size and scope of the problem through their own investigations, Nextcloud decided to take a proactive approach and help organisations’ awareness and address potential vulnerabilities.
The large number of insecure servers came to light as a result of a tool that Nextcloud was developing. Given their findings, Nextcloud took the somewhat unusual industry step to proactively work with Computer Emergency Response Teams in various countries to notify affected people of the risks, in an effort to help keep their data as secure as possible.
The Der Spiegel article and Nextcloud’s response which chose transparency over secrecy and following security best practices are a must read for everyone in the industry and a timely reminder to us all of the importance of updating our software on a regular basis.
As mentioned in NextCloud’s blog response, they have now released the Nextcloud Private Cloud Security Scanner as a quick and simple tool to enable users to regularly check their servers and ensure always up to date software. However the ideal scenario is for software updates to happen automatically and reduce the risk of a security threat as a result, especially so for smaller organisations and consumers, which often lack the technical know-how to maintain their system up to date . This is a feature that’s built into snaps, the universal Linux application packaging format, which is why Nextcloud uses snaps to distribute their software as part of their Nextcloud Box offering. Users of the box will get automated updates of their Nextcloud software whenever a new release is made available in the store. As a matter of fact the NextCloud Box is built on Ubuntu core, the version of Ubuntu entirely built out of snaps. This means that the entire software on the box is seamlessly updated without administrator involvement, and it literally takes no effort to keep your storage secure.
Internet of Things
From home control to drones, robots and industrial systems, Ubuntu Core and Snaps provide robust security, app stores and reliable updates for all your IoT devices.
Newsletter signup
Related posts
Ubuntu Updates for the Meltdown / Spectre Vulnerabilities
For up-to-date patch, package, and USN links, please refer to: https://wiki.myasnchisdf.eu.org/SecurityTeam/KnowledgeBase/SpectreAndMeltdown Unfortunately, you’ve...
Achieving Performant Single-Tenant Cloud Isolation with IBM Cloud Bare Metal Servers, Ubuntu Core, Snaps, and AMD Pensando Elba Data Processing Unit
Discover how IBM Cloud’s bare metal servers offer highly confined and high-performing single-tenant cloud isolation through the use of Ubuntu Core and Snaps,...
Strengthen your cloud cyber security with Ubuntu Pro and confidential VMs
Strengthen your cloud cyber security with Ubuntu Pro and confidential VMs. This blog dives into the crucial role your OS plays in cloud security and...