MT Security Hole

If you’re using Movable Type, you need to be aware of a new security hole in the current installations with the mt-send-entry.cgi part of the application.

This is detailed at the Movable Type site, but basically, comment spammers can use this application to send comment spam around the world using your name and weblog as the sendee.

Unless you use the ‘Email this to a friend’ functionality, delete that sucker from your cgi-bin. Otherwise, Ben has a patch that will help secure this app more (but not 100%).

BTW has anyone heard anything about when Movable Type Pro is going to be out, or what new functionality it will have?

This entry was posted in Technology. Bookmark the permalink.

3 Responses to MT Security Hole

  1. Pingback: Geodog's MT Weblog

  2. Pingback: Geodog's MT Weblog