Home News Tory MP’s Twitter rival riddled with security holes

Tory MP’s Twitter rival riddled with security holes

590
0
menscn
menscn

Not sure if we need another social network to rival Facebook and Twitter but the latest one to come on the scene happens to be overrun with security vulnerabilities. Users complained that tory MP Louise Mensch-backed Menshn has a wide range of security flaws. One of the worst bought to attention is the failure to send passwords over a secure https link, leaving users exposed to having passwords and cookie credentials stolen by hackers.

The website was launched in the UK on Sunday in time for the England match. It is co-founded by Louise Mensch and former Labour digital adviser Luke Bozier. It is billed as a twitter like micro-blogging site for users to engage in debate on specific topics in 180 characters or less.

Just minutes after Bozier declared on Twitter that Menshn was safe, users reported several other serious flaws in the website. Bozier said that the site has “rock-solid security” and encouraged people to “keep menshning, folks”.

Nick S, the principal software engineer for mobile apps at Velti, discovered an XSS issue that permitted a hacker to compromise the website, by simply pasting JavaScript code into the email address submission field during registration.

Programmer James Coglan tweeted “If you’re using Menshn, don’t! It’s full of trivial web security holes.” He said attackers could capture emails and passwords from new signups, and said he also discovered a way to hijack other Menshn accounts.

Since the complaints, Menshn’s web team appears to be working on fixes to the site and it has also switched to https encryption by default.