Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
Security

Submission + - Easy CSRF attack changes Menshn.com user's password, "100% secure" claim owners (theregister.co.uk) 1

An anonymous reader writes: Menshn.com, a half baked twitter esq service has had security issues in the past (see http://www.theregister.co.uk/2012/06/25/menshn_security/). Now a CSRF attack allows any third party site to change a logged in Menshn.com users password has been demonstrated to 'The Register'. When this was reported the owners (current politician Luke Bozier and former politician Louise Mensch) they had the folling reactions:

"Not true at all. Menshn is 100% secure. There has never been a CSRF attack and I'm sure I know how to Google what that is," Bozier said in a Twitter message.

Mensch added: "Passwords are encrypted: HTTPS."

Again it seems the technically clueless are ignoring the "snippy geeks"

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Easy CSRF attack changes Menshn.com user's password, "100% secure" claim owners

Comments Filter:

"'Tis true, 'tis pity, and pity 'tis 'tis true." -- Poloniouius, in Willie the Shake's _Hamlet, Prince of Darkness_

Working...