
Last year my government (Eastern Europe) started requiring some extra documentation to be submitted by companies, yearly, after it passed a law to do so. It being a strange time in human history, they had to twist themselves in all sorts of knots to try and make that possible, so they gave in and - I assume - they put out a giant government contract searching for an IT company to make that happen. And make it happen they did, through usual nefarious means or otherwise, that much is unknown, but they created a portal. You could enter your details and it would return you a document to download and sign and hand off to the nearest government agency that was officially supposed to handle these. And so my friend got to work… first thing he noticed: the whole thing was insanely slow, and then he took a look at the URL and found that it was basically someone’s Windows PC, just serving the entire C:/ drive on a public URL. Even worse, all the documents generated (which contained all data, private and public, related to the company owner - even ID data) were named in an incremental fashion. Meaning that you could’ve, were you a bad actor, dumped pretty much the entire country’s privately owned business owners’ details with a simple bash script.

So he took it upon himself and called the specific government branch…

… and within an hour the whole portal was offline and the deadlines ended up being extended. This year was the earliest time I needed to submit said paperwork.

Handling stuff online is not easy and sometimes goes very wrong. That being said, for most general company admin things you need to do here you can buy a hardware cert and avoid this entire risk and they’re supposed to be rolling out IDs with similar features and a similar promise in August. Though as to how that will function, I have no idea as I couldn’t find any info on it.



