New Vulnerability Found in Google+

Due to this vulnerability it was possible to obtain private information of 52.5 million accounts
11 December 2018

Google decided to close the social network Google+ in April 2019 rather than in August. The reason was another vulnerability in the API, which made it possible to obtain private information from 52.5 million accounts. The company plans to shut down the social network's API by mid-March 2019.

As of December 10, 2018, the following information about the bug had been published:

  • because of the bug in the API, third-party applications requesting access to profile data received permission to view information even if it was hidden by privacy settings;
  • users' names, email addresses, occupation, age and other confidential information were at risk;
  • passwords, financial data and national identification numbers were not compromised;
  • the company has no evidence that anyone exploited the vulnerability;
  • the error was fixed within 6 days: from November 7 to November 13, 2018;
  • Google said it is sending notifications to all users affected by the bug.

The previous data leak of Google+ users occurred in October 2018. At that time, about 500 thousand accounts were compromised. The attackers could get the names, email addresses, age, gender and occupation of users.

Amazon to Release Corretto 8

The project continues the development of Java 8, which is used by many companies
01 February 2019

Amazon has released the first release of the Corretto 8 project that is ready for commercial use. Corretto 8 is a Java 8 distribution based on OpenJDK. The product is free and available as source code under the GPLv2 license. Prebuilt builds are available for Linux (Amazon Linux 2, Debian / Ubuntu, RHEL / CentOS), Windows and macOS, and are provided for the aarch64 and x86_64 architectures. Ready-made images for use in Docker containers are available too.

The key goal of the project is the maintenance of the Java 8 branch after Oracle discontinues the public release of updates for Oracle JDK 8 (since January 2019, Oracle has published updates for Java 8 only as part of paid extended support subscriptions). Amazon intends to support Java 8 as the Corretto 8 distribution until at least June 2023.

The Corretto 8 code base is synchronized with OpenJDK 8u202. Amazon's proposed extended support cycle includes quarterly updates containing performance optimizations and security fixes. In upcoming Corretto releases, Amazon also plans to selectively backport some of the innovations from newer releases and to include improvements developed by the OpenJDK community. For the entire lifetime of the Corretto 8 branch, access to updates will be provided free of charge and without any restrictions.

The Corretto project continues the development of the Java distribution that is already used in Amazon's internal infrastructure to run thousands of business services. The product is certified as compliant with the Java SE specifications, is validated with the TCK (Technology Compatibility Kit) whenever changes are made, and can be used to replace other Java SE distributions. In February or March, Amazon intends to create another LTS branch, Corretto 11, based on OpenJDK 11. Corretto 11 will be supported until August 2024.