"Most glaring of these, one user insisted, was an alleged failure by the site -- at least during its launch -- to insist that users send their passwords over a secure (https) link, hence opening users to the potential risk of having their passwords or cookie credentials lifted," writes The Register's John Leyden.
"'If you're using Menshn, don't,' programmer James Coglan tweeted. 'It's full of trivial web security holes.' He outlined a way hackers could intercept emails and passwords from new signups, and says he also found a way to hijack other Menshn accounts," writes CNET's Tom Davenport. "Meanwhile, prankster (and developer) Syd Lawrence found a less harmful exploit which let him rise up the chart of top users, overtaking Mensch herself. 'It only took three lines of code to up-vote my posts,' said Lawrence, who enjoyed experimenting with the site, but warned that password security is no joke."