The social network Menshn has been reported to be rife with security flaws and “is being exploited left right and centre”.
After its high-profile launch last week by British MP Louise Mensch, Menshn.com co-founder Luke Bozier has been forced to issue a series of statements to reconfirm the security of the social network.
However, according to research by UK-based mobile applications developer Nick Shearer, the site has had ‘several major cross-site scripting (XSS) vulnerabilities’, despite denials by Bozier.
An XSS issue means a hacker can compromise the website simply by pasting JavaScript code into the email address submission field during registration.
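The standard defence for a field like this, as an added example that is not Menshn's code (the site's server code is not public in this article): validate the email value against a strict allowlist, and HTML-encode it wherever it is written back into a page. The function names and the `register` handler are hypothetical, and the sample submissions are constructed.

```javascript
'use strict';

// Conservative allowlist for the email field: no angle brackets, quotes,
// whitespace or other characters that carry meaning in HTML.
const EMAIL_RE = /^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

function validateEmail(input) {
  if (typeof input !== 'string' || input.length > 254) return false;
  return EMAIL_RE.test(input);
}

// Encode the five characters that can break out of HTML text or a quoted
// attribute value.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hypothetical registration step: reject input that fails validation, and
// encode on output regardless, so a gap in one layer is covered by the other.
function register(form) {
  const shown = escapeHtml(form.email);
  if (!validateEmail(form.email)) {
    return { ok: false, html: '<p class="error">Invalid address: ' + shown + '</p>' };
  }
  return { ok: true, html: '<p>Confirmation sent to ' + shown + '</p>' };
}

// Constructed sample submissions: one ordinary address, one carrying markup.
const samples = ['alice@example.com', '<script>alert(1)</script>@example.com'];
for (const email of samples) {
  const result = register({ email });
  console.log(result.ok, result.html);
}
```
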
Shearer said he disclosed the vulnerability to Menshn.com via email and Twitter to Bozier, yet in less than an hour, the flaws were being publicly disclosed – particularly after Bozier began tweeting denials about the flaws.
“One of the problems with Luke’s tweets was that they invited people to find flaws. You should never claim your site is ‘safe, clean and secure’ – because the chances are it isn’t. Sure enough, it turned out that somebody had already found the exact same vulnerability and tweeted about it.”
“Since the exploit is out in the wild there’s really no point me responsibly disclosing it. People have subsequently found even worse security holes that work across all browsers, including Chrome. In fact, it turns out other Twitter users had already tried to responsibly disclose, but to no avail.”
He warned users to avoid the social media website until the security issues were fully resolved, saying it was ‘just too unsafe’.
Menshn, which allows people to talk about specific topics in “rooms” rather than the random style of Twitter, was launched in the US last week to mixed reviews. Critics have described Menshn as too complicated and limited.
Mrs Mensch and her co-founder Luke Bozier, a former tech adviser to the Labour Party, had originally planned to launch the UK version later this summer to coincide with the Olympic Games, but the volume of traffic on Twitter triggered by the international football persuaded the pair to advance the date.
Last night Mrs Mensch responded to criticism of the service by insisting that Menshn was a “niche complement” to Twitter. “We wanted to offer a permanent water cooler for people who want to talk live,” she said. “It isn’t at all a rival to Twitter, it is a niche complement.”
My question is: do we really need another social networking site, especially one riddled with security issues?