Russian government sites: the illusion of security…


In 2016, we asked the question: how many websites of the federal authorities support HTTPS? We learned... are you ready? In practice, 2 (in words: two, Carl!) sites out of 85. Formally, 32 supported it, i.e. HTTPS was enabled on the servers, but from there on it was all traditional Russian carelessness: the SSL certificate is expired, self-signed or even issued for another site; the connection automatically switches from HTTPS to HTTP or is redirected to the site's admin area; the web server is vulnerable to ROBOT, POODLE and other delights of bad HTTPS; the connection is possible only via SSL; and other such revelry.


Therefore, even by our conservative criteria (a valid SSL certificate, support for TLS 1.2, and no use of the vulnerable or untrusted cryptographic algorithms DH and RC4), HTTPS was actually supported by only 2 sites (as a reminder, out of the 85 surveyed).
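The three criteria above can be applied mechanically to scanner output. The following is an added example, not code from the original article: the record format, the host names and the treatment of every finite-field DH key exchange as failing are assumptions made for illustration.

```python
# Added example: scores constructed scan records against the article's three criteria.
WEAK_KX = {"DH", "DHE", "EDH", "ADH"}  # finite-field DH key-exchange tokens

def weak_algorithm(cipher):
    """Return "RC4", "DH" or None for an OpenSSL- or IANA-style suite name."""
    parts = cipher.upper().replace("_", "-").split("-")
    if "RC4" in parts:
        return "RC4"
    # Compare whole tokens so that ECDHE-* suites are not mistaken for DH.
    kx = parts[1] if parts[0] == "TLS" and len(parts) > 1 else parts[0]
    return "DH" if kx in WEAK_KX else None

def evaluate(scan):
    """Return the failed criteria for one scan record; [] means the site passes."""
    if not scan["protocols"]:            # nothing answered on port 443
        return ["no HTTPS"]
    failed = []
    if scan["cert_error"]:               # expired, self-signed, wrong host, ...
        failed.append("certificate: " + scan["cert_error"])
    if "TLSv1.2" not in scan["protocols"]:
        failed.append("no TLS 1.2")
    weak = sorted({w for w in map(weak_algorithm, scan["ciphers"]) if w})
    if weak:
        failed.append("weak algorithms: " + ", ".join(weak))
    return failed

# Constructed records (hypothetical hosts, assumed scanner output format).
SCANS = {
    "good.example": {"cert_error": None, "protocols": ["TLSv1.2", "TLSv1.3"],
                     "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "TLS_AES_256_GCM_SHA384"]},
    "selfsigned.example": {"cert_error": "self-signed certificate",
                           "protocols": ["TLSv1.2"], "ciphers": ["ECDHE-RSA-AES256-GCM-SHA384"]},
    "legacy.example": {"cert_error": "certificate has expired", "protocols": ["SSLv3", "TLSv1"],
                       "ciphers": ["RC4-SHA", "DHE-RSA-AES256-SHA", "TLS_RSA_WITH_RC4_128_SHA"]},
    "plain.example": {"cert_error": None, "protocols": [], "ciphers": []},
}

if __name__ == "__main__":
    for host, scan in SCANS.items():
        print(host, "->", evaluate(scan) or "passes")
```

A server that accepts only SSL fails the TLS 1.2 criterion here, which covers the "only via SSL" case from the list of problems.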

Today we asked the same question again, this time with somewhat more stringent criteria, and even so the situation turned out significantly better: 27 of the 82 sites can be considered to really support HTTPS, and 23 support it conditionally. Conditionally in the sense that the outcome depends on certain conditions, mostly on the client side: with a current browser version, sensibly configured, and the HTTPS connection specified by hand, whether the connection is secure or something from the list above happens instead depends on the case.

8 sites only simulate HTTPS support (the same sloppiness again): self-signed (the Assay Chamber) and broken (the Ministry of Defense and FADH) SSL certificates, vulnerable cipher suites (the Ministry of Economic Development), and in some places nobody has yet heard of software updates, so their web servers greet the Network with welcoming banners “We have ROBOT & POODLE!” (Minvu, Rosreestr, the Federal Service for Financial Monitoring and Rosnedra).

The remaining 24 sites, starting with the presidential one and ending with the Central Election Commission's, took an even simpler route: no HTTPS, no problem. SVR: why would we need a secure connection? FSB: report a terrorist attack in preparation over HTTP! FSO: we have nothing to hide, and neither do you. We don't know for sure, of course, but apparently there is some kind of logic here: it is, after all, not a bank's website and not some VKontakte, so one can do without a secure connection.

In general, everything that any half-decent shared hosting provides today for a few thousand rubles a year (a standard SSL certificate from Let's Encrypt, a current version of the web server, and sensibly configured cryptographic libraries) is still out of reach for most Russian authorities. Yet each of them, I suppose, has some subordinate GIVC with the corresponding staff and budget…

Source: habr


