Ghsotcat, Apache, NeTworks, Starliner – ASW #98
CVE-2020-1938: Ghostcat vulnerability in the Tomcat Apache JServ Protocol. IMP4GT: IMPersonation Attacks in 4G NeTworks demonstrates a proven insecurity on a layer above provably secure protocol, Boeing implementing more rigorous testing of Starliner after software problems shows how problems in cloud computing will be just the same in star systems, APIs are becoming a major target for credential stuffing attacks and don't have to target the login workflow, SSL/TLS certificate validity chopped down to one year by Apple’s Safari and how this can drive secure DevOps behaviors, and 5 key areas for tech leaders to watch in 2020.