Mensch pal Bozier defends Menshn security, dubs critics 'snippy geeks'
The launch of a Twitter-like messaging service co-founded by UK politician Louise Mensch on Sunday has been accompanied by a huge security flap. According to users who sent in complaints, Menshn.com allegedly harboured a variety of security flaws. Most glaring of these, one user insisted, was an alleged failure by the site – at …
Come 'n 'ave a go if you think y'er 'ard enuff
Did it read like that to anyone else?
They're gonna be offline by the weekend methinks.
Re: Come 'n 'ave a go if you think y'er 'ard enuff
Doesn't appear to be online at present.
Still, never mind; I was only visiting to pick up SQL tips.
Re: Come 'n 'ave a go if you think y'er 'ard enuff
Each page load seems to fire off way too many HTTP requests, so they're probably DDoSing themselves.
What's the point?
If anything you write disappears after a week, you might as well be posting comments under ephemeral articles on a news web site... wait a m
Bozio
Apart from the fact that he reads like an arrogant MBA pseudo-geek who can't remember what side of the Atlantic he's on, I'm betting he wasn't even born when his 'vision' of an online community first went live.
Chatrooms with preset, premoderated topics; comments deleted after a week; 'promised' free of trolls and spam... it's Micronet 800 folks!
Re: Bozio
Louise Mensch is a household name in the UK. Leveraging her trendy brand to entice youngsters to a new niche social network should be quite easy, and Menshn should be an enormous success - security hiccups or not.
Wait a minute, did I say Louise Mensch? I was thinking of Lady Gaga. Forget what I said; no-one cares who she is and what she does.
Possibly because it has been taken over by spambots now busily spamming!
"Oops! Google Chrome could not connect to menshn.com"
Seems totally unusable. Somebody must have done SQL injection on it and its toy DB is in a death spiral.
Wouldn't surprise me. Or their servers are connected to a dial up modem.
"Oops! Google Chrome could not connect to menshn.com"
Yep, still down
Re: "Oops! Google Chrome could not connect to menshn.com"
Oo- it's back- now reports:- "Your browser is too modern- please download IE6 or earlier."
Re: "Oops! Google Chrome could not connect to menshn.com"
It's up and down like a whore's knickers.
I'll bet it's some combination of the reddit/slashdot thing coupled with the Streisand effect probably with a few /b/tards thrown in for good measure.
Re: "Oops! Google Chrome could not connect to menshn.com"
Times a thousand.
Re: "Oops! Google Chrome could not connect to menshn.com"
Woo! It's back up! And totally not worth the fucking effort.
Seriously, I've designed better websites by sneezing, that really is the most user unfriendly bollocks I've seen in a long time.
The real security problem is -
- how stupid you'd need to be to sign up to this site.
Unless of course, you use a fake ID to sign up and post off-message comments - not that I advocate any such thing.
Re: The real security problem is -
Disposable email - Check
Tor Browser - Check
Goastse - Check
Looks like you're all ready to raid :) Who said politics wasn't fun?
Little 4 year old Bobby Tables writes his own SQL!
Ok, who puts 'https' into quotes when issuing statements about security?
Re: Little 4 year old Bobby Tables writes his own SQL!
The same people that make quotation mark gestures with their fingers when they're talking.
I believe these people are the 17th group in line for the firing squad when the revolution comes, although I don't have my list handy right now so I can't check.
Re: Little 4 year old Bobby Tables writes his own SQL!
> 17th group in line for the firing squad
Yep - their last words being, 'I suppose you're going to "shoot me" now'.
Re: Little 4 year old Bobby Tables writes his own SQL!
Luckily for the rest of us, the first in line for the squad are the people who think firing squads for various demographics is a good idea.
Re: Little 4 year old Bobby Tables writes his own SQL!
So, not the Sirius Cybernetics Corporation marketing division then?
Re: Little 4 year old Bobby Tables writes his own SQL!
No, the first in line are the people who want to be, or are, in said firing squad.
politics
You can tell the guy is a politician. I mean, he continually says that there are no problems despite all the warnings that there are, any time something is found he pounces on it to deny it before it's even common knowledge.
Everything he's doing is politics 101.
Re: politics
How can you tell a politician is lying?
Their lips move.
Re: politics
I have an easier way. He's a politician. It's basically something that he perceives to be his job.
I don't particularly care what party they belong to, I have a healthy distrust of anyone who wants to be a politician or refers to themselves as one. It's like the line from The Thin Blue Line about gun ownership. A good enough reason to stop someone becoming a politician should be that they WANT to be one.
Re: politics
"A good enough reason to stop someone becoming a politician should be that they WANT to be one."
I agree completely. They are supposed to be there to represent us, the normal people. Yet wanting power makes them abnormal, therefore unsuitable for the role.
I know it's a gross simplification, but IMHO it fits.
Re: politics
> A good enough reason to stop someone becoming a politician should be that they WANT to be one.
Not *entirely*...
A few years back, I was toying with the idea of standing for Parliament. Not because I want to be an MP - I just want rid of the incumbent numbnuts.
Sadly, I live in a "safe seat" area :-(
Vic.
Penshn
Hopefully she's invested her entire penshn. Auto-refreshing the site every minute could be a fine way of liberating some politician's ill-gotten gains if they're running it on AWS.
"Politicians are not born, they are excreted" -Marcus Tullius Cicero
Rule number 1 of managing vulnerabilities:
Don't call someone with an exploit on your site a 'snippy geek'.
A little microcosm of why the UK is where it is today
So, a technical glitch is found with a website, requiring analysis and comment by a technical expert, but instead we have a floor-crossing politician being quoted as the answer?
How many people, on being rushed to A&E, would be happy to see Andrew Lansley scrubbed up saying "there is no problem"?
How about next time the Reg needs a political analysis, it asks Google's server team?
WOW
It only took two and a half minutes to load the homepage - amazing work guys!
Also, I know finding sensible URLs is hard these days but just randomly mashing the keyboard to make up a website name is a bit lame if you ask me!
Deleted after 7 days?
I'm not sure Theresa May would be very happy having all that communications data deleted before MI5 have a chance to look for any funny business.
More importantly,
why do we need yet another social network?
Google+ is more than enough (or Facebook and Twitter, if you must).
Unfounded vulnerabilities? I think not
At least 3 people I know notified them of issues. I notified them about the clear text passwords on Friday night. It's documented here: http://www.securityg33k.com/blog/?p=595. You guys decide what's unfounded and what isn't.
site down
Has someone been playing with that python Hulk script again ??
Re: site down
14:43 it's down again.
I wonder if this hasn't been stolen from a future "In The Thick Of It" script? You can just imagine Malcolm Tucker and his adversary setting up rival social networks...
The icon is for the bozos who set this up.
Re: site down
I'm not sure that will even be necessary. It looks like it's PHP + MySQL so, unless there's connection pooling and a good DBA around, max connections will be an issue pretty quickly and someone will need to add a lot of indices by hand if they don't want queries to die the agonising death of file scans.
Ouch, and before anyone asks, this isn't hacking or DoS.
ab -n 1000 -c 10 http://www.menshn.com/
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking www.menshn.com (be patient)
apr_socket_recv: Operation timed out (60)
Total of 33 requests completed
You can just imagine Malcolm Tucker and his adversary setting up rival social networks.
hehehe - Logs on to Twucker.com to post a "twuck"
The only social network where offensive language is #@£*ing mandatory!
Re: site down
So I just left a brick on the F5 key until it loads.
What? That's how you get unresponsive sites to load isn't it?
Re: twucker.com
Pity it isn't a real service. :-( That would be my kind of network.
Might make a summer project out of it. You can't post anything unless you've got two ticks. Fortunately, for really important stuff you can simply leak the information.
"Menshn is a safe, clean & secure environment."
Sounds like famous last words! Like a red rag to a script kiddy.
It's like showing an uncrackable safe to a safe cracker.
Re: "Menshn is a safe, clean & secure environment."
Do 4chan/Anon etc. et al know about this stuff? I do hope so.
I can't wait to watch this unfold
I think we need a sweepstakes for how long they will attempt to keep the site running before they give up and go home ... I'm going to be generous and give them a week :D
