The website of the National Criminal Registry provides information on criminal records of the criminal registry services of the Prosecutor's Offices of the country and the Independent Criminal Registry Department of the Central Service of the Ministry of Justice, as well as on the ways and procedures required to criminal record.
I imagine you all understand the seriousness of the information contained in the National Criminal Record. So yesterday after our publication about the hack of the Ministry of Development and the finding that the page still uses HTTP protocol instead of secure HTTPS, a reader of iGuRu.gr posted a complaint through our Facebook page.
The reader tells us:
I need a copy of a criminal record that you can now get electronically from the National Criminal Record service (ncris.gov.gr).
However, in order to register, you must provide all sensitive personal data concerning you, such as username and Password. But they warn you that the connection is not secure and that your data can be intercepted...
The post is accompanied by an image that says it all:
For the real reason we visited the Portal of the National Criminal Record and really the page is not safe for the public.
On the contrary the main website https://www.gov.gr/ it has an SSL certificate, that's all free from Let's Encrypt. You're not bored, that's one thing.
The specific certificate of Lets Encrypt insures in addition to the main portal of gov.gr and the subdomains form.gov.gr, forma.gov.gr, howto.gov.gr (does not work) CNAME www, and finally covid19stats.gov.gr.
The last subdomain, although it is online, does not show results and it will be interesting to see if at some point what the poet means by the header "COVID-19 Patient Registry" works (parentheses close).
But let's go back to the SSL effect which does not exist and if there is it is free from Lets Encrypt. Let's take a look at another country and what certificate it uses:
usa.gov and all (*) usa.gov subdomains are secured with Sectigo wildcard SSL Certificates. Κοστίζουν λίγο παραπάνω αλλά είναι σημαντικά για τις κυβερνήσεις που θεωρούν ότι η διαδικτυακή ασφάλεια πρέπει να είναι προτεραιότητα.
I wonder how they talk about e-Government with such crap on the internet.
Can I mention a paranoia?
For the creation of the Greek portal in the domain .gov.gr may have been announced competitionand assigning the project to the bidder. Because this is how the Greek public works, with absolute transparency, even in our very personal data....