Bomar Security in Santa Maria, California has an online job application with form fields for name, address, employment history, security clearance information, driver’s license number, and Social Security Number. The form is loaded insecurely over HTTP, and it POSTs insecurely over HTTP.
If a job applicant fills out this form on an open or masquerading Wi-Fi network, or if their connection is otherwise being intercepted, an attacker could read all of the unprotected information in plaintext.
TLS/SSL is not configured on the site, but it should be made the default on all pages considering the nature of the company’s business.
(Submitted by Dallam Oliver-Lee)