rothwell.im

by Jonathan Rothwell

[LINK] Menshn goes on the 'security shit list'

It turns out that Menshn, Louise Mensch’s bizarre Twitter alternative, has a few nasty security practices up its sleeve, as evidenced when Paul Gregg had to reset his password:

...all normal security-conscious web sites will create an encrypted, time-limited, one-time-use token or URL that you can use to reset your password and email that to you.

No, not Menshn. Menshn will email your actual password in plain text.

It’s worth noting that Luke Bozier tweeted last month to say:

menshn runs completely on an encrypted ‘https’ connection - all passwords, email addresses and everything else are secure.

Unless someone, y’know, walks into the data centre or intercepts a password reset mail. Poor show, for someone who spends an awful lot of his time on Twitter ridiculing script kiddies’ attempts at SQL injection.
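
The reset flow described in the quote from Paul Gregg above, sketched as an added example (not code from Menshn, Paul Gregg or this post): a random token is emailed, only its hash is stored alongside an expiry, and it works once. The function names, the in-memory dictionaries standing in for a database, the 15-minute lifetime and the PBKDF2 parameters are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60        # seconds; assumed value, the page gives none
PBKDF2_ROUNDS = 600_000    # assumed work factor

pending = {}    # user -> (sha256 of token, expiry); stand-in for a DB table
passwords = {}  # user -> (salt, PBKDF2 hash); never the password itself


def _digest(token):
    return hashlib.sha256(token.encode()).digest()


def issue_reset_token(user, now=None):
    """Create the token to email. Only its hash is stored, so a copy of
    the database does not yield usable reset links."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    pending[user] = (_digest(token), now + TOKEN_TTL)
    return token


def redeem_reset_token(user, token, new_password, now=None):
    """Set a new password if the token is valid, unexpired and unused."""
    now = time.time() if now is None else now
    entry = pending.get(user)
    if entry is None:
        return False
    stored, expires = entry
    if now > expires:
        del pending[user]              # expired: discard
        return False
    if not hmac.compare_digest(stored, _digest(token)):
        return False                   # wrong token: keep the real one valid
    del pending[user]                  # one-time use
    salt = secrets.token_bytes(16)
    passwords[user] = (salt, hashlib.pbkdf2_hmac(
        "sha256", new_password.encode(), salt, PBKDF2_ROUNDS))
    return True


def check_password(user, password):
    salt, stored = passwords.get(user, (b"\0" * 16, b""))
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(stored, candidate)
```

Because only a salted hash of the password is kept, a service built this way has nothing it could email back to the user.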