Menshn, an alternative to Twitter created by Conservative MP Louise Mensch, has experienced a tidal wave of vulnerability reports after its co-founder Luke Bozier tweeted that the website is “safe, clean & secure”.
Menshn launched in the UK on Sunday, after being tested in the US for about a month. The website was opened to the British public ahead of schedule to take advantage of the trending Euro 2012 tournament topic.
Menshn is jointly-owned by Mensch and the former Labour digital adviser Luke Bozier. It was designed to focus on political debate in real-time, condensed in 180 characters or less.
Nick S, the principal software engineer for mobile apps at Velti, found an XSS issue that allowed an attacker to compromise the website, by simply pasting JavaScript code into the e-mail address submission field during registration.
The same vulnerability was confirmed by other Twitter users. Some have claimed that the website allows easy access to personal details and is the perfect platform to start a viral outbreak.
Other users raised questions about the site’s use of cookies, as there was no obvious warning – as required under European law – about the implementation of user tracking.
In addition, Twitter integration on the site crashed within two hours of UK launch.
We should also mention that today, TechWeekEurope has experienced serious stability issues while trying to access Mensh.
https://twitter.com/pixeltrix/status/217008451849695233″ data-datetime=”2012-06-24T21:37:01+00:00
Bozier has defended the site, saying that people were simply ‘claiming’ that they had found flaws, and the service was secure.
After ignoring security advice for a while, the Menshn team decided to heed the warnings and at the time of this story being published, it was claimed that the XSS vulnerability has been fixed. The website has also switched to HTTPS encryption by default.
However, it seems that Menshn controversy is far from over:
https://twitter.com/twitinsin/status/217261220070297600″ data-datetime=”2012-06-25T14:21:26+00:00
https://twitter.com/froots101/status/217162299868315649″ data-datetime=”2012-06-25T07:48:21+00:00
How well do you know Internet security? Try our quiz and find out!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…