Posted by Scott Arciszewski on Sep 07

Story time, FD.

Hopefully I can save someone else from having to deal with the
frustration of dealing with Bullhorn.

March 3, 2014 – I observed that SendOuts (owned by Bullhorn) didn’t
use HTTPS even though it was available, nor HSTS once someone
explicitly accessed the https://webconnect3.sendouts.com URL.

When I went to notify them on their support forums, I noticed they
were running an ancient version of phpBB. A version known to be…