Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.lawprofs.org/users/SteveBellovin/statuses/112068944660969767">Steve Bellovin (stevebellovin@mastodon.lawprofs.org)'s status on Sunday, 10-Mar-2024 11:16:48 JST</a><a href="https://mastodon.lawprofs.org/@SteveBellovin" title="stevebellovin@mastodon.lawprofs.org"><img src="https://gnusocial.jp/avatar/77524-48-20230523171429.webp" width="48" height="48" alt="Steve Bellovin" style="position: absolute; left: 0; top: 0;">Steve Bellovin</a><div><a href="https://sfba.social/@karlauerbach/112068891409150962" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/57840" title="karlauerbach@sfba.social">Karl Auerbach</a></li><li><a href="https://gnusocial.jp/user/85906" title="glent@aus.social">Glen, waiting for the pre-poll</a></li><li><a href="https://gnusocial.jp/user/173272" title="chris_bloke@mastodon.acm.org">Chris Samuel</a></li></ul></div></section><article><p><a href="https://sfba.social/@karlauerbach">@karlauerbach</a> <a href="https://mastodon.acm.org/@chris_bloke">@chris_bloke</a> <a href="https://aus.social/@glent">@glent</a> <a href="https://federate.social/@mattblaze">@mattblaze</a> Getting SIP security as good as possible was a continual challenge. As Security AD, I once blocked some RFC on security grounds, and had to defend my actions at a lunch surrounded by annoyed SIP folks. I had to pull out my laptop and show them exactly how the attack would work before they believed me. (It was, as I recall, a redirection request that was not properly authenticated.)</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2808454#notice-5571272">In conversation</a><time datetime="2024-03-10T11:16:48+09:00" title="Sunday, 10-Mar-2024 11:16:48 JST">about a year ago</time> <span>from <span><a href="https://mastodon.lawprofs.org/@SteveBellovin/112068944660969767" rel="external" title="Sent from mastodon.lawprofs.org via ActivityPub">mastodon.lawprofs.org</a></span></span><a href="https://mastodon.lawprofs.org/@SteveBellovin/112068944660969767">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Steve Bellovin (stevebellovin@mastodon.lawprofs.org)'s status on Sunday, 10-Mar-2024 11:16:48 JSTSteve Bellovin
in reply to
@karlauerbach @chris_bloke @glent @mattblaze Getting SIP security as good as possible was a continual challenge. As Security AD, I once blocked some RFC on security grounds, and had to defend my actions at a lunch surrounded by annoyed SIP folks. I had to pull out my laptop and show them exactly how the attack would work before they believed me. (It was, as I recall, a redirection request that was not properly authenticated.)
In conversationabout a year ago from mastodon.lawprofs.orgpermalink

Public

Embed Notice

HTML Code

Corresponding Notice