In an update posted on its corporate blog earlier this morning, blogging software maker Six Apart basically admitted that security holes in its Movable Type product(s) are to blame for the recent hacking and damage of the PBS.org website, which occurred at the end of last month.
Hackers associated with WikiLeaks at the end of May managed to break into and deface the US broadcaster’s website after it had aired a controversial documentary called WikiSecrets about the whistle-blowing site.
LulzSec, the hacker group that claimed responsibility for the action (and the same group that has been harassing Fox, Sony and Nintendo lately), in a recent interview with Forbes said that the attack was made possible thanks to PBS’s “outdated” content management system.
The hackers had managed to publish a fake report on the PBS website, claiming that legendary rapper Tupac was alive and well, living in New Zealand. The content management system used by PBS was Six Apart’s Movable Type software. Today, the company issued the first Movable Type update since the PBS hacking case. Mandatory security updates for Movable Type 4.3, 5.0, and 5.1 were released this morning.
The company says the impact of the vulnerabilities in its products did in fact allow hackers to “create, read or modify the contents in the system under certain circumstances”.
This issue brings to the surface the overall lack of investment by corporate America in keeping its technology platforms, devices and gadgets updated. Significant cost cutting and deferrals of capital spending programs have left many organizations vulnerable to these types of attacks. Many corporations are running outdated software and, in many cases, unsupported software.
We believe organizations should be required to disclose any software that is unsupported by the original manufacturer or vendor. In addition, the failure of suppliers to routinely update their products to address threats, in order to increase their bottom line, is a growing concern in this economy.