Menshn Security Vulnerabilities Exposed

Menshn, an alternative to Twitter created by Conservative MP Louise Mensch, has experienced a tidal wave of vulnerability reports after its co-founder Luke Bozier tweeted that the website is “safe, clean & secure”.

Menshn launched in the UK on Sunday, after being tested in the US for about a month. The website was opened to the British public ahead of schedule to take advantage of the trending Euro 2012 tournament topic.

Don’t menshn the problems

Menshn is jointly owned by Mensch and the former Labour digital adviser Luke Bozier. It was designed to focus on political debate in real time, condensed into 180 characters or less.

Just minutes after Bozier tweeted that the site was safe, users reported several serious vulnerabilities in its structure.

Nick S, the principal software engineer for mobile apps at Velti, found a cross-site scripting (XSS) issue that allowed an attacker to compromise the website simply by pasting JavaScript code into the e-mail address submission field during registration.
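To make the class of bug concrete, here is an added example, not Menshn's code and not part of the original report: a registration handler that validates the e-mail field on input and HTML-encodes it on output, next to the unescaped pattern that produces this kind of XSS. The function names, the page markup and the assumption that the submitted address is written back into an HTML page are all hypothetical.

```javascript
'use strict';
// Added example: hypothetical helpers, not taken from the Menshn code base.

// Conservative syntax check: local part, one "@", dotted domain.
// Whitespace, quotes and angle brackets never match.
const EMAIL_RE = /^[A-Za-z0-9.!#$%&*+\/=?^_`{|}~-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

function validateEmail(input) {
  if (typeof input !== 'string' || input.length > 254) return null;
  const email = input.trim();
  return EMAIL_RE.test(email) ? email : null;
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the submitted value is concatenated straight into markup.
function renderConfirmationUnsafe(email) {
  return '<p>Confirmation sent to ' + email + '</p>';
}

// Hardened pattern: encode at output even though the value was validated,
// so a validation gap elsewhere does not turn into script execution.
function renderConfirmationSafe(email) {
  return '<p>Confirmation sent to ' + escapeHtml(email) + '</p>';
}

// Hypothetical registration handler: reject bad input, and escape it
// in the error page too, since that page also echoes the value.
function register(form) {
  const email = validateEmail(form.email);
  if (email === null) {
    return { status: 400, body: '<p>Invalid e-mail address: ' + escapeHtml(form.email) + '</p>' };
  }
  return { status: 200, body: renderConfirmationSafe(email) };
}

// Constructed sample inputs for illustration.
const SAMPLE_MARKUP = '<script>alert(1)</script>';
const SAMPLE_VALID = 'user@example.org';
```

Validation alone is not the fix: the error path echoes rejected input, which is why `register` escapes there as well.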

The same vulnerability was confirmed by other Twitter users. Some have claimed that the website allows easy access to personal details and is the perfect platform to start a viral outbreak.

Other users raised questions about the site’s use of cookies, as there was no obvious warning – as required under European law – about the implementation of user tracking.

In addition, Twitter integration on the site crashed within two hours of UK launch.

We should also mention that today, TechWeekEurope has experienced serious stability issues while trying to access Menshn.

https://twitter.com/pixeltrix/status/217008451849695233 (2012-06-24T21:37:01+00:00)

Bozier has defended the site, saying that people were simply ‘claiming’ that they had found flaws, and the service was secure.

After ignoring security advice for a while, the Menshn team decided to heed the warnings, and at the time of this story being published, it was claimed that the XSS vulnerability had been fixed. The website has also switched to HTTPS encryption by default.

However, it seems that the Menshn controversy is far from over:

https://twitter.com/twitinsin/status/217261220070297600 (2012-06-25T14:21:26+00:00)

https://twitter.com/froots101/status/217162299868315649 (2012-06-25T07:48:21+00:00)


Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.
