Jia Tan, XZ Utils and the perils of trust with Andreas Constantinides

This week Andreas Constantinides, a renowned cybersecurity expert, joins me to help me uncover the alarming case of Jia Tan—a fabricated identity at the center of a sophisticated cyber espionage operation. Andreas lends his extensive expertise as we analyze how Jia Tan, seemingly a diligent contributor to open-source projects like XZ Utils, was a cover for a collective executing a long-term backdoor placement in critical software infrastructure. This episode not only explores the broader implications of trust and security in the open-source community but also discusses the fact that female personas are commonly used by hackers in long-sting operations. Join us as we piece together the digital puzzle that nearly compromised millions of servers worldwide.

more episodes at https://breaking20.eu/