https://ataraskov.dev/tags/security/Recent content in Security on Tech enthusiast's blogHugoen-us&copy; Copyright 2023, ataraskov.devWed, 15 Apr 2026 12:10:28 +0100https://ataraskov.dev/posts/2026/04/supply-chain-security/Wed, 15 Apr 2026 12:10:28 +0100https://ataraskov.dev/posts/2026/04/supply-chain-security/<p>Supply chain attacks are nothing new, unfortunately. Though the last few got me scared. Like <a href="https://futuresearch.ai/blog/litellm-attack-transcript/">this</a> one, around LiteLLM python library. The LiteLLM one was particularly nasty one, as it was enough to just install the library.</p> <p>I love open-source community and what it provides to all of us. But social engineering makes it too hard to keep your keys private.</p> <p>The good news is, private ssh keys are more or less safe when used via ssh-agent, and keylogger is hard to setup without privilege escalation (at least on linux). So please, please, please do not blindly type your password in a random pop-up window.</p>