Several Security Flaws Found in Menshn Social Network

UK politician Louise Mensch recently introduced a new Twitter-like messaging service, menshn, which was immediately found to be riddled with security holes.

"Most glaring of these, one user insisted, was an alleged failure by the site -- at least during its launch -- to insist that users send their passwords over a secure (https) link, hence opening users to the potential risk of having their passwords or cookie credentials lifted," writes The Register's John Leyden.

"Nick S, the principal software engineer for mobile apps at Velti, found an XSS issue that allowed an attacker to compromise the website, by simply pasting JavaScript code into the e-mail address submission field during registration," writes TechWeekEurope's Max Smolaks. "The same vulnerability was confirmed by other Twitter users."

"Other users raised questions about the site’s use of cookies, as there was no obvious warning -- as required under European law -- about the implementation of user tracking," Smolaks adds.

"'If you're using Menshn, don't,' programmer James Coglan tweeted. 'It's full of trivial web security holes.' He outlined a way hackers could intercept emails and passwords from new signups, and says he also found a way to hijack other Menshn accounts," writes CNET's Tom Davenport. "Meanwhile, prankster (and developer) Syd Lawrence found a less harmful exploit which let him rise up the chart of top users, overtaking Mensch herself. 'It only took three lines of code to up-vote my posts,' said Lawrence, who enjoyed experimenting with the site, but warned that password security is no joke."