The German tabloid Bild featured an article covering the press release published by the German Ministry of Defence about the recent leaks of WebEX calls between army generals. The Bild noted that the password the Ministry of Defence used for the shared Nextcloud link was „1234“, assuming this was meant to ’secure‘ the link.
While a press release is obviously meant to be public, which is why the simple password was chosen, you might wonder why the ministry didn’t just use a completely password-less link for their Nextcloud share?
Secure sharing with Nextcloud
Nextcloud differentiates itself from public clouds like Microsoft 365, Dropbox or Google Drive with a focus on privacy and data sovereignty. Unlike public clouds, Nextcloud often runs on private cloud environments, giving the organization deploying it direct control over the data. It wouldn’t make sense for the German government (or any other) to hand over important data to foreign tech firms, which is why Nextcloud is widely deployed in the European public sector.
Protect your public links with passwords
With Nextcloud, users can share directly with other users. This makes sure no data leaves the government data center. But sometimes data must be shared outside the organization, either to a single individual or fully in public like with a press release.
Nextcloud allows users to create one, or more, public links for this purpose. A public link lets a third party who has the link view and (depending on the settings) download and edit the file. As you might share a document for editing with one person, and create another link with only viewing permissions to a second, each link can have its own protections. Including a password, expiration date and more!
The system administrator can put in additional controls, to ensure data is always protected. The File Access Control can use rules to stop files from being accessed outside Germany, for example. Or a mandatory 30 day expiration date can make sure links get cleaned up after a while. And last, but very relevant, administrators can enforce a password on each public link.
This setting is clearly enabled on the Nextcloud server used by the German Ministry of Defense, and explains why a simple password (1234) had to be chosen. Note that administrators can even enforce a certain degree of password quality, blocking such simple passwords from being chosen by users!
In other words. Mr. Pistorius does not use the password ‚1234‘ to protect any data – it was meant to make it easy to access the press release.
We hope the readers at Bild appreciate out explanation!
Bechtle und Nextcloud kündigen heute eine vollständig verwaltete Kollaborationsplattform für den öffentlichen Sektor an, die keiner Ausschreibung bedarf und sofort bereitgestellt werden kann.
Our mission is to help individuals, businesses and organizations achieve digital sovereignty and regain control over their data. Nextcloud Hub 5 marks a massive step forward towards achieving this mission, putting the power of AI into your hands – in a way that keeps you in control. New release, new possibilities Hub 5 builds on […]
Last year we were joined by Roundcube, the most popular open source webmail client. At the time we promised to invest in the project (interview) and since then we have brought back the mailing lists and accelerating development. And today - we introduce enterprise support for Roundcube!
A CrowdStrike update took down countless Microsoft systems, disrupting flights, surgeries, banking and more all over the world. The incredible impact this single outage had shows the importance of digital resilience, especially in the public sector.
Wir speichern einige Cookies, um Besucher zu zählen und die Nutzung der Website zu erleichtern. Diese verlassen unseren Server nicht und dienen nicht der Verfolgung Ihrer online-Aktivitäten.
Weitere Informationen hierzu finden Sie in unserer Datenschutzrichtlinie. Anpassen
Statistik-Cookies sammeln anonym Informationen und helfen uns zu verstehen, wie unsere Besucher unsere Website nutzen. Wir verwenden cloud-gehostetes Matomo
Matomo
_pk_ses*: Zählt den ersten Besuch des Benutzers
_pk_id*: Hilft, die Besuche nicht doppelt zu zählen.
mtm_cookie_consent: Erinnert daran, dass der Nutzer seine Zustimmung zur Speicherung und Verwendung von Cookies gegeben hat.
_pk_ses*: 30 Minuten
_pk_id*: 28 Tage
mtm_cookie_consent: 30 Tage