Menshn, an alternative to Twitter created by Conservative MP Louise Mensch, has experienced a tidal wave of vulnerability reports after its co-founder Luke Bozier tweeted that the website is “safe, clean & secure”.
Menshn launched in the UK on Sunday, after being tested in the US for about a month. The website was opened to the British public ahead of schedule to take advantage of the trending Euro 2012 tournament topic.
Menshn is jointly-owned by Mensch and the former Labour digital adviser Luke Bozier. It was designed to focus on political debate in real-time, condensed in 180 characters or less.
Nick S, the principal software engineer for mobile apps at Velti, found an XSS issue that allowed an attacker to compromise the website, by simply pasting JavaScript code into the e-mail address submission field during registration.
The same vulnerability was confirmed by other Twitter users. Some have claimed that the website allows easy access to personal details and is the perfect platform to start a viral outbreak.
Other users raised questions about the site’s use of cookies, as there was no obvious warning – as required under European law – about the implementation of user tracking.
In addition, Twitter integration on the site crashed within two hours of UK launch.
We should also mention that today, TechWeekEurope has experienced serious stability issues while trying to access Mensh.
https://twitter.com/pixeltrix/status/217008451849695233″ data-datetime=”2012-06-24T21:37:01+00:00
Bozier has defended the site, saying that people were simply ‘claiming’ that they had found flaws, and the service was secure.
After ignoring security advice for a while, the Menshn team decided to heed the warnings and at the time of this story being published, it was claimed that the XSS vulnerability has been fixed. The website has also switched to HTTPS encryption by default.
However, it seems that Menshn controversy is far from over:
https://twitter.com/twitinsin/status/217261220070297600″ data-datetime=”2012-06-25T14:21:26+00:00
https://twitter.com/froots101/status/217162299868315649″ data-datetime=”2012-06-25T07:48:21+00:00
How well do you know Internet security? Try our quiz and find out!
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…