Skip to main content

Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

  1. Blog
  2. Article

Canonical
on 23 March 2017

Out of date software leaves you vulnerable


Two weeks ago, Der Spiegel wrote an article highlighting that out of date software on private clouds was leaving government and political party information vulnerable to being hacked. Given that political organisations being targeted is currently such a hot topic, it is somewhat of a surprise how widespread this issue appears to be. After discovering the size and scope of the problem through their own investigations, Nextcloud decided to take a proactive approach and help organisations’ awareness and address potential vulnerabilities.

The large number of insecure servers came to light as a result of a tool that Nextcloud was developing. Given their findings, Nextcloud took the somewhat unusual industry step to proactively work with Computer Emergency Response Teams in various countries to notify affected people of the risks, in an effort to help keep their data as secure as possible.

The Der Spiegel article and Nextcloud’s response which chose transparency over secrecy and following security best practices are a must read for everyone in the industry and a timely reminder to us all of the importance of updating our software on a regular basis.

As mentioned in NextCloud’s blog response, they have now released the Nextcloud Private Cloud Security Scanner as a quick and simple tool to enable users to regularly check their servers and ensure always up to date software. However the ideal scenario is for software updates to happen automatically and reduce the risk of a security threat as a result, especially so for smaller organisations and consumers, which often lack the technical know-how to maintain their system up to date . This is a feature that’s built into snaps, the universal Linux application packaging format, which is why Nextcloud uses snaps to distribute their software as part of their Nextcloud Box offering. Users of the box will get automated updates of their Nextcloud software whenever a new release is made available in the store. As a matter of fact the NextCloud Box is built on Ubuntu core, the version of Ubuntu entirely built out of snaps. This means that the entire software on the box is seamlessly updated without administrator involvement, and it literally takes no effort to keep your storage secure.

Related posts


Dustin Kirkland
4 January 2018

Ubuntu Updates for the Meltdown / Spectre Vulnerabilities

Canonical announcements Article

  For up-to-date patch, package, and USN links, please refer to: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown   Unfortunately, you’ve probably already read about one of the most widespread security issues in modern computing history — colloquially known as “Meltdown” (CVE-2017-5754) and “Spectre” (CVE-2017-5753 an ...


Benjamin Ryzman
22 April 2024

Achieving Performant Single-Tenant Cloud Isolation with IBM Cloud Bare Metal Servers, Ubuntu Core, Snaps, and AMD Pensando Elba Data Processing Unit

Networking Article

Discover how IBM Cloud’s bare metal servers offer highly confined and high-performing single-tenant cloud isolation through the use of Ubuntu Core and Snaps, supported by the AMD Pensando Elba DPU (Data Processing Unit). This setup enables the creation of secure and efficient environments for each tenant. Its design ensures the total sepa ...


Canonical
5 September 2023

도커(Docker) 컨테이너 보안: 우분투 프로(Ubuntu Pro)로 FIPS 지원 컨테이너 이해하기

FIPS Security

오늘날 급변하는 디지털 환경에서 강력한 도커 컨테이너 보안 조치의 중요성은 아무리 강조해도 지나치지 않습니다. 컨테이너화된 계층도 규정 준수 표준의 적용을 받기 때문에 보안 문제 및 규정 준수 요구 사항이 발생합니다. 도커 컨테이너 보안 조치는 경량의 어플라이언스 유형 컨테이너(각 캡슐화 코드 및 해당 종속성)를 위협 및 취약성으로부터 보호하는 것을 수반합니다. 민감한 개인 데이터를 처리하는 데 의존하는 ...