Platon Technologies

Analysis of Security of Operational Programs' Internet Websites
(Reaction to Statements of Construction Minister Igor Stefanov)

Author: Ondrej Jombík | Section: Press Reports | Date: 2009-11-02

On November 30, 2009, the Conservative Institute of M. R. Stefanik presented outrageous purchase prices of websites for operational programs at a news conference. The two most expensive pages fall under the competencies of Slovakia's Ministry of Construction and Regional Development. According to statements made on November 1 by Construction Minister Igor Stefanov, who sought to justify the websites' costs, they were expensive due to their security.

We consider this explanation poor and insufficient. The websites are incredibly overpriced, and since the construction minister justified the costs with their security, we looked into the matter. We were shocked by our findings. In their context, the wasting of public funds is even more visible, as is the lack of professionalism of the selected contractors.

  1. The first finding was presented at the news conference held on November 30: the sites are located on servers in the Czech Republic¹ in spite of the fact that the government has its own high-quality IT infrastructure at its disposal. Such services can also be easily procured in Slovakia. Since the websites are primarily intended for Slovak visitors, we consider their location in a neighboring country inefficient and unreasonable.

  2. According to the minister's statement, the webpage also contains an important reservation system. In spite of its importance, neither this system nor any other part of the webpage is secured by Hypertext Transfer Protocol Secure (HTTPS). If HTTPS is not used, all data, including the login and password, is transferred in unencrypted form and may easily be sniffed and exploited by a potential attacker.

    HTTPS is nowadays used not only to protect Internet banking sites, but also the most common web services, such as mail and chat servers. The use of HTTPS is a basic pillar of Internet security. It is pitiable that such an important security pillar was somehow omitted in the procurement procedures.

    As the website's setup interface² itself is not protected or secured, there is a real risk of misuse of the interface, as a result of which the ministry may lose control over the contents of its own website. The third point will show that, unfortunately, the ministry has already lost control over its site.

  3. The third point presents the most serious findings, which we consider bad enough to serve as grounds for filing a complaint with the supplier or withdrawing from the purchase contract. The websites contain several instances of the so-called “Cross-Site Scripting” security vulnerability, or XSS³.

    As a result of these vulnerabilities, anyone can insert pictures, text and components into the page without needing special hacking or programming skills. An Internet user may tamper with the site from his/her own computer, as a participant in the discussion forum of the SME daily on www.sme.sk⁴ also pointed out. An unknown participant in the discussion inserted a picture of a railway tunnel⁵ in the website, while the suffers from the same vulnerability (see appendix 1 and 2) and possibly also other sites from the same supplier.

    A bigger problem is that this is not just a matter of innocent playing around with a picture. A virus component or harmful code may be injected into the page in the same way. A potential attacker may also redirect a user to his/her own site (the so-called phishing site⁶) that appears to be the original site. The attacker may thus present false or incorrect data or try to acquire data (personal data, sensitive data, logins, passwords) from visitors who believe they are on the original page.
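
The flaw class described in point 3 and its fix, as an added example that is not code from the affected websites or from the original report. It assumes the injection point is a request parameter echoed into the page body (the report does not say where it is); the template, function names and sample value are hypothetical.

```python
import html
from collections import Counter
from html.parser import HTMLParser

# Hypothetical template of a page that echoes a request parameter.
TEMPLATE = "<html><body><h1>Search</h1><p>Results for: {term}</p></body></html>"
TEMPLATE_TAGS = Counter(["html", "body", "h1", "p"])


def render_vulnerable(term):
    # Flaw: the request value is pasted into the markup unchanged.
    return TEMPLATE.format(term=term)


def render_hardened(term):
    # Fix: HTML-encode the value so the browser treats it as text.
    return TEMPLATE.format(term=html.escape(term, quote=True))


class TagCollector(HTMLParser):
    """Records every element a browser would build from the markup."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def injected_tags(markup):
    """Return elements present in the output but not in the template."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    extra = Counter(collector.tags) - TEMPLATE_TAGS
    return sorted(extra.elements())


# Constructed input modelled on the inserted-picture prank described above.
SAMPLE = '<img src="https://example.invalid/tunnel.jpg" alt="tunnel">'

if __name__ == "__main__":
    print(injected_tags(render_vulnerable(SAMPLE)))  # ['img']
    print(injected_tags(render_hardened(SAMPLE)))    # []
```

Running `injected_tags` over rendered output in a regression test catches any template that stops encoding request data.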

The aforementioned flaws represent serious security vulnerabilities, in light of which the supplier seems unprofessional and the ministry failed to check the supplied product. The websites are not resistant to trivial attacks. Unless the flaws are corrected promptly, it is just a matter of time before they are misused in a serious way.

We think it is high time to stop persuading the public about the advantages and quality of the product, and to take action. The website worth over SKK 2 million (EUR 76,000) is like a car without brakes: it works, drives, but it is very dangerous for us.

For more information or technical details, please contact:

The author of the press release participated in the press conference organized by the Conservative Institute of M. R. Stefanik.


  1. Location of the Websites in the Czech Republic:

  2. The Website's Setup Interface:
    - (in operation, without HTTPS)
    - (HTTPS not in operation)

  3. Detailed Description of the XSS vulnerability:

  4. Little Joke by an Anonymous Discussion Participant:

  5. Little Joke by an Anonymous Discussion Participant - Links:

  6. Explanation and possibilities of the use of the so-called “phishing” page:


Altered websites of the operational programs:

Appendix 1

Appendix 2


Copyright © 2002-2006 Platon Group