September 2006 Archives

Their wording makes it clear once should update:

If you are running a version of Movable Type older than 3.2, it is especially imperative that you to migrate immediately to version 3.33 due to the importance of fixes for the current issues as well as several significant security enhancements which have been made since your version was released.

The wording on ProNet gives another hint about why one should do it in a timely fashion (my emphasis):

Although we feel it's extremely important to provide you will full details about the vulnerabilities so that you understand the severity of the issues, we are postponing release of that information for a couple of days. This will allow you sufficient time to update your system (and inform your neighbors about updating theirs) before putting it at greater risk for attack.

So, no clue about the vulnerabilities (fine) and a big warning to update asap.

You can chose to do a full upgrade for MT versions earlier than 3.2, or patch an existing 3.2 or 3.31/3.32 installation, be careful about picking the right localisation package.

Researchers from Princeton demonstrate how one could hack a Diebold machine and alter the election results, with an undetectable software that can also spread like a virus:

Read the full report of their research: Security Analysis of the Diebold AccuVote-TS Voting Machine.

[Via Lessig blog]

It's an infinite loop: iTunes 7 patches QTFairUse 2.2, QTFairUse 2.3 patches iTunes 7. In eight hours!