InfoSec, tweeting and tooting when time allows. Dipping toes in mastodon at breditor@infosec.exchange - Founding (former) editor of SRSLY RISKY BIZ newsletter.

Joined February 2009
Brett Winterford retweeted
Come work with us @okta ! We're looking for a new member of Okta's Threat Intelligence team. This role is one in which if you have a good idea that fits our mission, you can run with it. Plus, we're nice people. 😀 North Korean IT workers need not apply. linkedin.com/jobs/view/44106…
Brett Winterford retweeted
Over several weeks, @okta tested OpenClaw with various AI models to see how agents handle API keys, OAuth tokens and credentials. Agents can't be trusted, and it's easy to talk them into skirting their guardrails. Don't let agents see secrets! More here: okta.com/newsroom/articles/w…
Brett Winterford retweeted
Anyone reusing credentials on their Fortinet device? Asking for a friend on AS17511 (219.75.254[.]166) who keeps failing to get their password right.
Brett Winterford retweeted
We analyzed over 300,000 rows of the January 2026 BreachForums database leak to find their users' anonymizers of choice. Join us in the cantina. 🧵
Brett Winterford retweeted
I recently joined @reckless on @DecoderPod to discuss the “SaaSpocalypse,” the future of software, and why the identity layer for AI agents could become the biggest category in cyber. Really enjoyed this conversation: bit.ly/481Tema
Brett Winterford retweeted
A browser extension promised security. In reality, it was a Trojan horse for your crypto. We tracked the extension, mapped the infrastructure and pulled the plug. Full breakdown of the takedown: bit.ly/40E9i9N
Brett Winterford retweeted
Your star hire might be a DPRK agent. 🇰🇵 @Okta reveals how state actors use stolen LinkedIn IDs, AI-generated faces, and forged git commits to bypass HR. Verify identities before they're on your payroll! #opentowork bit.ly/4quh8go
Brett Winterford retweeted
Google disrupted IPIDEA, a major residential proxy network. Our data confirms a sharp drop in their active IPs following the action. 📉 Protect your Okta org today: block IPIDEA and residential proxies with dynamic network zones bit.ly/3OiZVJz
Brett Winterford retweeted
Still tracking the bad packets, now powered by Okta log data! Top ASNs used in recent signup fraud attacks: • 212238 • 16276 • 44477 • 26548 • 200373 • 137409 • 214483 • 13213 • 397368
Brett Winterford retweeted
Cross App Access (XAA) is now the #MCP authorization extension: ‘Enterprise-Managed Authorization’. Proud @okta played a role in establishing this new protocol to secure AI. bit.ly/3Knjzm8
Brett Winterford retweeted
Troy Iwata got hired for Trump's cabinet, but @jordanklepper wasn't?
Brett Winterford retweeted
15 Aug 2024
We’ve introduced passkeys as a simple and secure option for people to sign in to their myGov account. Your account will be most secure when you create a passkey and turn off your password as a sign in option. To find out more watch this video, or visit: my.gov.au/passkeys
Expect social engineers to exploit the Falcon issue. crowdstrike.com/blog/falcon-…

Brett Winterford retweeted
28 May 2024
Check out our very own CPO, @clcsampaio, being interviewed on @riskybusiness about Identity and Fine Grained Authorization! 🎧 Listen to the full episode here: bit.ly/4bQezhQ
Brett Winterford retweeted
21 May 2024
back in my day we called this spyware
Messing with gaming companies is a cyber-stormtrooping worthy event abc.net.au/news/2024-05-02/c…
Now bringing new, confused audiences to the @riskybusiness podcast!
New podcast dropping soon! I'm super excited to announce that I'm launching a show called Risky Business. Cohosted by me and Maria Konnikova (@mkonnikova). First episode is May 16. You can learn more here: natesilver.net/p/announcing-…
Brett Winterford retweeted
New podcast dropping soon! I'm super excited to announce that I'm launching a show called Risky Business. Cohosted by me and Maria Konnikova (@mkonnikova). First episode is May 16. You can learn more here: natesilver.net/p/announcing-…
Brett Winterford retweeted
Scoop: @CISAgov is asking software companies to sign a pledge committing them to implementing seven key "secure-by-design" goals. CISA plans to announce the pledge with ~50 signatories at RSA next week. Major test of efficacy of CISA's SBD campaign. wired.com/story/cisa-cyberse…
Kudos @a_greenberg for the depth of research and clarity he brought to Wired’s write-up on the XZ backdoor.
We dug into the mystery of "Jia Tan," the polite, conscientious volunteer coder who inserted a surprisingly sophisticated backdoor into XZ Utils—and is most likely the persona of a state-sponsored hacking group based in an Eastern European time zone. wired.com/story/jia-tan-xz-b…