Menshn Security Vulnerabilities Exposed

Menshn, an alternative to Twitter created by Conservative MP Louise Mensch, has experienced a tidal wave of vulnerability reports after its co-founder Luke Bozier tweeted that the website is “safe, clean & secure”.

Menshn launched in the UK on Sunday, after being tested in the US for about a month. The website was opened to the British public ahead of schedule to take advantage of the trending Euro 2012 tournament topic.

Don’t menshn the problems

Menshn is jointly-owned by Mensch and the former Labour digital adviser Luke Bozier. It was designed to focus on political debate in real-time, condensed in 180 characters or less.

Just minutes after Bozier tweeted that the site was safe, users reported several serious vulnerabilities in its structure.

Nick S, the principal software engineer for mobile apps at Velti, found an XSS issue that allowed an attacker to compromise the website, by simply pasting JavaScript code into the e-mail address submission field during registration.

The same vulnerability was confirmed by other Twitter users. Some have claimed that the website allows easy access to personal details and is the perfect platform to start a viral outbreak.

Other users raised questions about the site’s use of cookies, as there was no obvious warning – as required under European law – about the implementation of user tracking.

In addition, Twitter integration on the site crashed within two hours of UK launch.

We should also mention that today, TechWeekEurope has experienced serious stability issues while trying to access Mensh.

https://twitter.com/pixeltrix/status/217008451849695233″ data-datetime=”2012-06-24T21:37:01+00:00

Bozier has defended the site, saying that people were simply ‘claiming’ that they had found flaws, and the service was secure.

After ignoring security advice for a while, the Menshn team decided to heed the warnings and at the time of this story being published, it was claimed that the XSS vulnerability has been fixed. The website has also switched to HTTPS encryption by default.

However, it seems that Menshn controversy is far from over:

https://twitter.com/twitinsin/status/217261220070297600″ data-datetime=”2012-06-25T14:21:26+00:00

https://twitter.com/froots101/status/217162299868315649″ data-datetime=”2012-06-25T07:48:21+00:00

How well do you know Internet security? Try our quiz and find out!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago