Preventing cloud data breaches in open source


Playlists: 'osc17' videos starting here / audio / related events

The privacy and the personal data on the internet are under attack by hackers and international espionage programs. It is important to keep data safe and secure to protect the privacy of the users.

Open source software like Nextcloud and openSUSE are key to provide the necessary tools to the users to protect their data and run their own infrastructure.

But to provide the expected security to the users it is necessary that the software is configured correctly and always has the latest security patches. It was lately discovered by Nextcloud that a big number of cloud services running on the internet are not secured properly. Some of them, even operated by big organisations, are even trivial to hack. This is a challenge for the open source community that we need to address.

This talk will cover the current problems with insecure services that were discovered by Nextcloud and discussed possible steps to improve the situation. Examples are easier to understand administration interfaces, better notifications to the admins if actions are needed and potentially live patching of software. The talk will discuss potential consequences and new challanges for Linux distributions around software distribution and better guiding of admins to make the right decissions around security.
It will also discuss the current and upcoming federation features of Nextcloud and how to become part of the community.