Fred PosnerI've come here to chew bubblegum and watch my #KamailioWorld2026 presentation "#APIBAN and #Kamailio "... and I'm all out of bubble gum.
YouTube
Time for me to say... "There are those who read what @sandrogauci and @enablesecurity write and those who wish they had."
Also, very honored to have #APIBAN make the newsletter -- in a good way. ;)
https://www.enablesecurity.com/newsletter/2026-02-rtcsec-news/
February 2026: TURN security series, libvpx VP9 overflow, Grandstream RCE, coturn fixes
RTCSec newsletter for February 2026 covering Enable Security's TURN server security blog series, libvpx VP9 encoder heap overflow in Chrome and Firefox, Grandstream GXP1600 unauthenticated RCE with call interception, coturn 4.9.0 IPv4-mapped IPv6 ACL bypass, AISLE Research finding Firefox WebRTC and OpenSIPS vulnerabilities, APIBAN 2025 year in review, and more
Wrote an at-most 2 min read about #APIBAN https://www.fredposner.com/apiban-summer-2024/
CommCon SF will be starting shortly. Here's the livestream link:
Great Day 1 here at @commcon San Francisco hacking away (with some @cloudflare API's), meeting with friends, and meeting new people.
Looking forward to talking about #APIBAN tomorrow.
Big thanks to Lorne Gaetz for his help testing apiban-fail2ban on FreePBX 16/17. His feedback has allowed for script improvements and better documentation.
Added a new simple, lazy install script for the apiban-fail2ban client. The script is geared towards freepbx using "asterisk-iptables" as the jail.
Running #freepbx or a web facing system with #fail2ban ?
There’s an apiban client for that ;)
@north @fredposner I’ve done it a couple times re #kamailio and #apiban - it’s a friendly one to one that’s then broadcast a week or two later.