The website of the National Criminal Registry provides information on criminal records of the criminal registry services of the Prosecutor's Offices of the country and the Independent Criminal Registry Department of the Central Service of the Ministry of Justice, as well as on the ways and procedures required to criminal record.
I imagine you all understand the seriousness of the information contained in the National Criminal Record. So yesterday after our publication about the hack of the Ministry of Development and the finding that the page still uses HTTP protocol instead of secure HTTPS, a reader of iGuRu.gr posted a complaint through our Facebook page.
The reader tells us:
I need a copy of a criminal record that you can now get electronically from the National Criminal Record service (ncris.gov.gr).
But to be written, you have to give all the sensitive information privacy that concern you, such as username and Password. But they warn you that the connection is not secure and that your data can be intercepted...
The post is accompanied by an image that says it all:
For the real reason we visited the Portal of the National Criminal Record and really the page is not safe for the public.
On the contrary the main website https://www.gov.gr/ it has an SSL certificate, only it's free from Lets Encrypt. You're not bored, that's one thing.
The specific certificate of Lets Encrypt insures in addition to the main portal of gov.gr and the subdomains form.gov.gr, forma.gov.gr, howto.gov.gr (does not work) CNAME www, and finally covid19stats.gov.gr.
The last subdomain, although it is online, does not show results and it will be interesting to see if at some point what the poet means by the header "COVID-19 Patient Registry" works (parentheses close).
But let's go back to the SSL effect which does not exist and if there is it is free from Lets Encrypt. Let's take a look at another country and what certificate it uses:
usa.gov and all (*) usa.gov subdomains are secured with Sectigo Wildcard SSL Certificates. They cost a bit more but are important for governments that consider online security to be a priority.
I wonder how they talk about E-Government with such crap on the internetnetwork.
Can I mention a paranoia?
For the creation of the Greek portals in the domain .gov.gr, a tender and assignment of the project to the bidder may have been announced. Because this is how the Greek state works, with absolute transparency, even in our very personal data….