This is a personal website and doesn't have anything to do with Six Apart; nevertheless, Chris Alden, the former Six Apart CEO, appreciated my idea when he saw it available online.
Recently in Security Update Category
- OS Command Injection exists in the file management system, the most serious of which may lead to arbitrary OS command execution by a user who has permission to sign in to the admin script and also has permission to upload files.
- Session Hijack and CSRF exist in the commenting and the community script. A remote attacker could hijack the user session or could execute arbitrary script code in the victim's browser under certain circumstances.
- XSS exists in templates where the variables are not escaped properly. A remote attacker could inject client-side script into web pages viewed by other users.
- XSS exists in mt-wizard.cgi. This vulnerability was reported by Trustwave (Trustwave's SpiderLabs Security Advisory TWSL2012-002).
Account and IP Lockout
Account lockout is a feature to protect your Movable Type account from a password-guessing attack known as a brute force attack or a dictionary attack. Movable Type locks out accounts after a defined number of incorrect password attempts.
Changing Password Validation Rules
A system administrator can set password validation policies to have users use stronger passwords.
Stronger Password Encryption
I was myself signaling that Movable Type was recognizing only the first 8 characters of the password and that we need to make passwords stronger, now that there are so many *jerks* trying to penetrate various resources online.
Well, I'm delighted to announce that Movable Type v5.13 introduces a stronger password encryption algorithm which recognizes the password in its full length.
Six Apart also mentioned:
When you upgrade your installation from the older versions to 5.13, Movable Type users can still sign in to the installation with the old passwords, but it is recommended to update their passwords to utilize this change.
Due to this change, the database column length of author_password was changed from 60 to 124.
On June the 22nd, Six Apart KK announced Movable Type v5.12, v5.06 and v4.37 as mandatory security updates, mentioning that these updates resolve multiple vulnerabilities discovered in Movable Type 5.x and Movable Type 4.x and that all users must upgrade to this latest release immediately.
The impact of the vulnerabilities is described as:
Under certain circumstances, a user who has "Create Entries" or "Manage Blog" permissions may be able to read known files on the local file system.
Go ahead and upgrade your installation right away or hire me to upgrade it on your behalf.