J.M. Porup

Senior Writer

J.M. Porup has been a security geek since 2002, when he got his first job in IT. Since then he's covered national security and information security for a variety of publications, and now calls CSOonline home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent.

Cylance researchers discover powerful new nation-state APT

Learn to play defense by hacking these broken web apps

Learn to play defense by hacking these broken web apps

OWASP's Broken Web Applications Project makes it easy to learn how to hack web applications--a critical skill for web application developers playing defense, junior penetration testers, and security-curious management.

What are deepfakes? How and why they work

What are deepfakes? How and why they work

Once the bailiwick of Hollywood special effects studios with multi-million-dollar budgets, now anyone can download deepfake software and use machine learning to make believable fake videos. This makes a lot of people nervous.

Doctored Jim Acosta video shows why fakes don’t need to be deep to be dangerous

Doctored Jim Acosta video shows why fakes don’t need to be deep to be dangerous

White House promotion of an allegedly doctored press conference video shows how "shallow fakes" can manipulate opinion.

Burned malware returns, says Cylance report: Is Hacking Team responsible?

Burned malware returns, says Cylance report: Is Hacking Team responsible?

Burning malware forces attackers to evolve, not go away. Network defenders take note.

What is Shodan? The search engine for everything on the internet

What is Shodan? The search engine for everything on the internet

Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.

SQL injection explained: How these attacks work and how to prevent them

SQL injection explained: How these attacks work and how to prevent them

There are several types of SQL injection, but they all involve an attacker inserting arbitrary SQL into a web application database query. The good news? SQLi is the lowest of the low-hanging fruit for both attackers and defenders.

Hey Facebook: Quit discouraging people from using 2FA

Hey Facebook: Quit discouraging people from using 2FA

Facebook is spying on user 2FA phone numbers to target them with ads. A non-trivial percentage of Facebook users will not use two-factor authentication as a result, a net loss to security.

“Everything is fine” vs. “we’re doomed” isn’t the way to frame election security

“Everything is fine” vs. “we’re doomed” isn’t the way to frame election security

The extremes of despair and optimism are both dangerous to information security. What we need to do is calmly assess the threats.

What is Wireshark? What this essential troubleshooting tool does and how to use it

What is Wireshark? What this essential troubleshooting tool does and how to use it

Wireshark is a must-have (and free) network protocol analyzer for any security professional or systems administrator. It's like Jaws, only for packets.

Why abandoned domain names are so dangerous

Why abandoned domain names are so dangerous

Abandoned domain names are low-hanging fruit for attackers, who can use them to access sensitive email or customer data.

Traveling to China for work? Punch through the Great Firewall and securely connect with your home office

Traveling to China for work? Punch through the Great Firewall and securely connect with your home office

Security is not just about confidentiality and integrity. It's also about availability. The new partnership between Wickr and Psiphon is worth a look for global enterprises with traveling employees.

Load More