Max Maass 


Sr. Security Specialist at iteratec // @seemoo alumni // Member of CCC // Crypto means cryptography.

tfr.

Blog: https://blog.maass.xyz
GitHub: https://github.com/malexmave
Pixelfed: https://pixel.infosec.exchange/@hacksilon
Pronouns: he/him
OH: "Cat Content Connoisseurs ( #CCC )"
@nopatience yep, that looks like the sorts of sources I am looking for 👍
@nopatience as opposed to chips and crude oil? Yes.
@nopatience Mostly looking at supply chain attacks right now, so stuff like trivy, axios, etc. - current sources are Socket.dev, OpenSourceMalware, OX Security, Aikido, StepSecurity, Huntress. Goal is to know about a supply chain attack as quickly as possible, so we can start incident response and countermeasures in our project. Logical next step would be sources for critical CVEs in JS and Java ecosystem, but one thing at a time. :)
@nopatience Great, thanks for the quick response. I am currently setting up a similar system (monitoring for relevant advisories etc.) and am looking for sources to ingest, so seeing which ones you are working with, in addition to the ones I am using myself, will be quite helpful. :)

@nopatience This is a really cool website, thank you. I have it open in a tab and check it once a day to see if I missed something important.

Do you share the list of sources that you are using for this anywhere?

I imported some Bavarian heritage into the workshop and so should you!

🧨 Axios only needed to be resolved somewhere in your dependency graph to affect you.

Semver + transitive deps + runtime installs = hidden blast radius.

If you only checked your project’s lockfile, you may still not know.

https://socket.dev/blog/hidden-blast-radius-of-the-axios-compromise #nodejs

The Hidden Blast Radius of the Axios Compromise - Socket

The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.


@foxbasealpha just FYI: unless you combine it with an external SSD or other storage device, I would recommend skipping the Pi and going for a mini PC with SSD or HDD. Pis with SD cards have a nasty habit of frying the card due to the many write cycles Home Assistant uses. I have a Beelink PC with Proxmox that is running HA and some other stuff in individual VMs, and this also gives you some more breathing room in terms of CPU and RAM, depending on the specs you get.

In terms of the comparison between Pis, I can't offer any recommendation as I haven't tried either.