Russian kossity is the illusion of security…
In 2016, we asked the question: how many sites of the Federal authorities support HTTPS?
Therefore, even according to our conservative criteria – a valid SSL certificate, support for TLS 1.2 and avoiding the use of vulnerable or untrusted cryptographic algorithms DH and RC4 HTTPS is actually supported only 2 sites (reminiscent of, out of the 85 surveyed).
Today we have again asked the same question, although somewhat more stringent criteria, but even so
8 sites only simulate support HTTPS (all the same sloppiness): self-signed (the assay chamber) and curves (of the Ministry of defense and FADH) SSL certificates vulnerable Safranbolu (economic development), some places still have not heard about updates of software and their web servers are shining in a Network of welcoming banners “We have ROBOT & POODLE!” (Minvu, Rosreestr, the Federal service for financial monitoring and Rosnedra).
The remaining 24 sites, starting and ending with the presidential Cikowski, went even simpler: no HTTPS – no problem. SVR – why do we need a secure connection? The FSB report preparation of a terrorist attack HTTP! FSO – we have nothing to hide you too. We don’t know for sure, of course, but, apparently, some kind of logic: the tea is not the Bank’s website and not Vkontakte any, is possible without a secure connection to do.
In General, all that today for a few thousand rubles a year provides any half-decent shared hosting: standard SSL certificate from Let’s Encrypt, the current version of the web server, and cryptographic libraries settings in mind, most Russian authorities are still not available. But everyone, I suppose, any subordinated givc with the appropriate staff and budget…
ORIGINAL PAGE –