Government pages in the .gov.pl domain are not secure

The websites of the Ministry of Finance, Justice, National Defense, the Institute of National Remembrance, the National Bank of Poland, the Sejm, the Constitutional Tribunal, the Social Security Office and probably a few others do not have an SSL certificate or they have, but allow to connect to their server an unencrypted HTTP protocol.

Yesterday's changes introduced to the latest version of Google Chrome made the user instead of the "green" padlock imitating security see the government- marked Chrome sites as UNROLLED :

Dangerous government pages

Unsecured government websites

Changes made to the Google Chrome browser were announced already last year. Google wanted in this way to force administrators to encrypt communication between the server and the user's browser. Mozilla has already made similar changes in Firefox. According to browser providers, this will improve the level of Internet security, but in our opinion it will also force owners of small private blogs, forums, image sites to use encryption where it is not necessary.

The introduction of HTTPS in the browser's bar also has advantages: Google search engine "looks" at encrypted websites, increases privacy and sense of security, as well as credibility and trust in the company. In addition, the HTTPS protocol supports upgraded HTTP2, which is faster than HTTP, so pages can load faster.

The SSL certificate, where it is not required to guarantee the integrity and confidentiality of data, can be implemented completely free. But with this there are some drawbacks:

  • The SSL certificate can be implemented for free, provided that you have access to server management.
  • Some hosting companies allow the implementation of the certificate for free, but the purchase of a certificate must be made with them.

Certain solutions are free certificates, generated independently by Let's Encrypt or in the CloudFlare service, which offers for free incomplete encryption ( Flexible SSL ). In fact, CloudFlare provides much more benefits . OVH.pl has introduced the free SSL certificates generated by Let's Encrypt to its hosting offer, while the fastest growing dHosting.pl hosting company in Poland enables customers to quickly integrate with the CloudFlare panel, so free encryption is provided.

Regardless of which direction we go, the management of the website, whether through hosting, or exercising control over the leased server, requires from the website owner some technical knowledge, without which it is even difficult to update the modules and core of the site engine. We believe that such information is available to IT specialists employed in individual ministries and that the image of a dozen unprotected government websites is the result of oversight. It is worth noting that not all ministries are "unsecured". The exceptions include Polish Financial Supervision Authority, Senate, Ministry of Foreign Affairs, Chief Sanitary Inspectorate.



Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.