Recently, Six Apart released an update to Movable Type that patched a vulnerability that allowed a malicious user to send e-mail through the application to any number of arbitrary users if comment notifications are enabled. For those who did not want to upgrade to version 3.15, they also made a plug-in available which also prevents the exploit.
Yesterday, TotalChoice Hosting sent an e-mail to their users, saying that they had pushed a copy of this plug-in out to the installations of all of their customers with Movable Type. Seeing as I had already upgraded to 3.15 more than twelve hours earlier, this plug-in was redundant. No harm was done, and deleting the extraneous plug-in was simple enough. Still, it’s a “principle” thing.
It really ticks me off that TCH took it upon themselves to modify my MT installation without my permission. I haven’t decided yet whether to send them a complaint e-mail, but I just felt like venting.
Leave a comment