The website of the National Criminal Registry provides information on criminal records of the criminal registry services of the Prosecutor's Offices of the country and the Independent Criminal Registry Department of the Central Service of the Ministry of Justice, as well as on the ways and procedures required to obtain a criminal record.
I think you all understand the seriousness of the information the National Criminal Record contains. So yesterday, after our publication about the hack of the Ministry of Development and the finding that its page still uses the HTTP protocol instead of secure HTTPS, a reader of iGuRu.gr posted a complaint through our Facebook page.
The reader tells us:
I need a copy of a criminal record that you can now get electronically from the National Criminal Record service (ncris.gov.gr).
But to be registered, you have to give all the sensitive personal data that concern you, such as username and password. But they warn you that the connection is not safe and that your data can be intercepted...
The post is accompanied by an image that says it all:
To check whether this is true, we visited the Portal of the National Criminal Record, and indeed the page is not secure for the public.
By contrast, the main website https://www.gov.gr/ has an SSL certificate, only it is the free one from Let's Encrypt. Oh well, that's something too.
Besides the central gov.gr portal, this Let's Encrypt certificate also covers the subdomains form.gov.gr, forma.gov.gr, howto.gov.gr (not working), the www CNAME, and finally covid19stats.gov.gr.
The last subdomain, although it is online, shows no results, and it will be interesting to see, if it ever works, what exactly is meant by the header "COVID-19 Patient Registry" (end of parenthesis).
But let's go back to the SSL issue: either there is no certificate, or where there is one, it is the free one from Let's Encrypt. Let's take a look at another country and what certificate it uses:
usa.gov and all (*) usa.gov subdomains are secured with Sectigo Wildcard SSL Certificates. They cost a bit more, but it is important for governments to take online security seriously, as it should be a priority.
I wonder how they talk about e-Government with such crap on the internet.
May I mention one more piece of madness?
For the creation of the Greek portals under the .gov.gr domain, a tender may have been announced and the project awarded to the highest bidder. Because that is how the Greek public sector works, with absolute transparency, even with our very personal data....