J.M. Porup

Senior Writer

J.M. Porup has been a security geek since 2002, when he got his first job in IT. Since then he's covered national security and information security for a variety of publications, and now calls CSOonline home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent.

What is Shodan? The search engine for everything on the internet

Bruce Schneier's Click Here to Kill Everybody reveals the looming cybersecurity crisis

Everything is broken, and government and corporations like it that way. But when people start dying because of insecure cyberphysical systems, the overreaction from panicked policymakers could be worse than after 9/11. We need to solve...

SQL injection explained: How these attacks work and how to prevent them

There are several types of SQL injection, but they all involve an attacker inserting arbitrary SQL into a web application database query. The good news? SQLi is the lowest of the low-hanging fruit for both attackers and defenders.

Hey Facebook: Quit discouraging people from using 2FA

Facebook is spying on user 2FA phone numbers to target them with ads. A non-trivial percentage of Facebook users will not use two-factor authentication as a result, a net loss to security.

“Everything is fine” vs. “we’re doomed” isn’t the way to frame election security

The extremes of despair and optimism are both dangerous to information security. What we need to do is calmly assess the threats.

What is Wireshark? What this essential troubleshooting tool does and how to use it

Wireshark is a must-have (and free) network protocol analyzer for any security professional or systems administrator. It's like Jaws, only for packets.

Are mixnets the answer to anonymous communications?

Combined with strong encryption such as the Signal protocol, modern mixnets could achieve the Holy Grail: metadata-resistant secure communications.

Hacking smart buildings

Smart buildings are giant IoT devices begging to get hacked. A new report offers concrete advice on how to mitigate the risk to building automation and control systems (BACS).

Why abandoned domain names are so dangerous

Abandoned domain names are low-hanging fruit for attackers, who can use them to access sensitive email or customer data.

Traveling to China for work? Punch through the Great Firewall and securely connect with your home office

Security is not just about confidentiality and integrity. It's also about availability. The new partnership between Wickr and Psiphon is worth a look for global enterprises with traveling employees.

Bug bounties offer legal safe harbor. Right? Right?

Bug bounties are all the rage, but many programs do not offer legal safe harbor to good-faith security researchers who wish to report security issues. Caveat bug finder.

Do you need a vulnerability disclosure program? The feds say yes

The FTC and DOJ are pushing companies to provide a means for good-faith security researchers to report bugs and put effective processes in place to act on those reports.
