Jason Cosper

Semper fudge.

Tag: security

Implementing Public Key Pinning

While HPKP — which helps reduce the attack surface for man-in-the-middle attacks against HTTPS traffic — is only supported in a very small handful of recent Chrome and Firefox builds, it never hurts to get ahead of the curve. Especially when it comes to your site’s security.

January 28, 2015
WPScan Licensing

It looks like the WordPress security tool WPScan is looking to move away from the GNU GPL license for their software. That’s rather unfortunate, but after reading about companies trying to repackage and sell WPScan as their own work, I totally get where they’re coming from. Chasing these companies takes time, sometimes a whole day of emails…

January 21, 2015
MyFitnessPal doesn’t use HTTPS

When logged into MyFitnessPal, all of the pages transmit over insecure HTTP. Everything you eat, your body measurements, your daily activity, and any activity imported from third party services are all transmitted insecurely over HTTP. If you’re on a public wi-fi network, anyone can easily intercept this private health information. Even worse, if you manually…

January 19, 2015