J.M. Porup
Senior Writer
J.M. Porup has been a security geek since 2002, when he got his first job in IT. Since then he's covered national security and information security for a variety of publications, and now calls CSOonline home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent.
10 penetration testing tools the pros use
Penetration testing is a simulated cyber attack where professional ethical hackers break into corporate networks to find weaknesses ... before attackers do.
IT services giant HCL left employee passwords, other sensitive data exposed online
HCL left employee passwords, customer project details, and other sensitive information exposed online with no authentication.
Will the U.S. government draft cybersecurity professionals?
A Congressional commission might soon recommend conscription of cybersecurity professionals to serve in both the military and civil service. Will the government force security pros to work for Uncle Sam?
200 million-record breach: Why collecting too much data raises risk
Avoid the siren song of big data and collect only what you need. This is the big takeaway from a 200-million record direct marketing list, including home address, telephone, religious affiliation and financial information now...
How to get started using Ghidra, the free reverse engineering tool
The Ghidra reverse engineering tool is free to download and use and is a worthy alternative to incumbent IDA Pro. Here's what you need to know to get started. (Some assembly required.)
Why your business continuity and disaster recovery plans should account for EMP attacks and GMD events
A new executive order from the White House directs critical infrastructure to prepare for electromagnetic pulse (EMP) attacks, but geomagnetic disturbance (GMD) events caused by solar flares are a greater threat to the enterprise.
How New York City plans to become a cybersecurity hub
America's largest city has been hit hard by the cybersecurity skills shortage and is working to grow its cybersecurity workforce.
What is a side channel attack? How these end-runs around encryption put everyone at risk
Side channel attacks on cryptography break confidentiality by exploiting information produced by the encryption — such as van Eck phreaking in a TEMPEST attack, courtesy the van across the street.
How and why deepfake videos work — and what is at risk
Once the bailiwick of Hollywood special effects studios with multi-million-dollar budgets, now anyone can download deepfake software and use machine learning to make believable fake videos. This makes a lot of people nervous.
Inside the 2014 hack of a Saudi embassy
According to documents seen by CSO, an unknown attacker took control of the official email account of the Saudi embassy in The Netherlands and demanded a ransom of $50 million for ISIS.
