The German tabloid Bild featured an article covering the press release published by the German Ministry of Defence about the recent leaks of WebEX calls between army generals. The Bild noted that the password the Ministry of Defence used for the shared Nextcloud link was “1234”, assuming this was meant to ‘secure’ the link.
While a press release is obviously meant to be public, which is why the simple password was chosen, you might wonder why the ministry didn’t just use a completely password-less link for their Nextcloud share?
Secure sharing with Nextcloud
Nextcloud differentiates itself from public clouds like Microsoft 365, Dropbox or Google Drive with a focus on privacy and data sovereignty. Unlike public clouds, Nextcloud often runs on private cloud environments, giving the organization deploying it direct control over the data. It wouldn’t make sense for the German government (or any other) to hand over important data to foreign tech firms, which is why Nextcloud is widely deployed in the European public sector.
Protect your public links with passwords
With Nextcloud, users can share directly with other users. This makes sure no data leaves the government data center. But sometimes data must be shared outside the organization, either to a single individual or fully in public like with a press release.
Nextcloud allows users to create one, or more, public links for this purpose. A public link lets a third party who has the link view and (depending on the settings) download and edit the file. As you might share a document for editing with one person, and create another link with only viewing permissions to a second, each link can have its own protections. Including a password, expiration date and more!
The system administrator can put in additional controls, to ensure data is always protected. The File Access Control can use rules to stop files from being accessed outside Germany, for example. Or a mandatory 30 day expiration date can make sure links get cleaned up after a while. And last, but very relevant, administrators can enforce a password on each public link.
This setting is clearly enabled on the Nextcloud server used by the German Ministry of Defense, and explains why a simple password (1234) had to be chosen. Note that administrators can even enforce a certain degree of password quality, blocking such simple passwords from being chosen by users!
In other words. Mr. Pistorius does not use the password ‘1234’ to protect any data – it was meant to make it easy to access the press release.
We hope the readers at Bild appreciate out explanation!
The global IT outage drew attention again to our digital mono-culture. The good news: our digitally sovereign AI Copilot for Europe offers AI powered collaboration platform for public sector, entirely operated in Germany.
A CrowdStrike update took down countless Microsoft systems, disrupting flights, surgeries, banking and more all over the world. The incredible impact this single outage had shows the importance of digital resilience, especially in the public sector.
Salviamo alcuni cookie per contare i visitatori e rendere il sito più facile da usare. Questi dati non lasciano il nostro server e non servono a tracciare il tuo profilo personale! Per maggiori informazioni, consulta la nostra Informativa sulla privacy. Personalizza
I cookie statistici raccolgono informazioni in forma anonima e ci aiutano a capire come i visitatori utilizzano il nostro sito web. Utilizziamo Matomo in cloud.
Matomo
_pk_ses*: Conta la prima visita dell'utente
_pk_id*: Aiuta a non contare due volte le visite.
mtm_cookie_consent: Ricorda il consenso alla memorizzazione e all'utilizzo dei cookie dato dall'utente.
_pk_ses*: 30 minuti
_pk_id*: 28 giorni
mtm_cookie_consent: 30 giorni