J.M. Porup

Senior Writer

J.M. Porup has been a security geek since 2002, when he got his first job in IT. Since then he's covered national security and information security for a variety of publications, and now calls CSOonline home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent.

The Latest from J.M.

Review

Bruce Schneier's Click Here to Kill Everybody reveals the looming cybersecurity crisis

Everything is broken, and government and corporations like it that way. But when people start dying because of insecure cyberphysical systems, the overreaction from panicked policymakers could be worse than after 9/11.We need to solve...

Feature

SQL injection explained: How these attacks work and how to prevent them

There are several types of SQL injection, but they all involve an attacker inserting arbitrary SQL into a web application database query. The good news? SQLi is the lowest of the low-hanging fruit for both attackers and defenders.

Opinion

Hey Facebook: Quit discouraging people from using 2FA

Facebook is spying on user 2FA phone numbers to target them with ads. A non-trivial percentage of Facebook users will not use two-factor authentication as a result, a net loss to security.

Opinion

“Everything is fine” vs. “we’re doomed” isn’t the way to frame election security

The extremes of despair and optimism are both dangerous to information security. What we need to do is calmly assess the threats.

Feature

What is Wireshark? What this essential troubleshooting tool does and how to use it

Wireshark is a must-have (and free) network protocol analyzer for any security professional or systems administrator. It's like Jaws, only for packets.

News Analysis

Are mixnets the answer to anonymous communications?

Combined with strong encryption such as the Signal protocol, modern mixnets could achieve the Holy Grail: metadata-resistant secure communications.

News Analysis

Hacking smart buildings

Smart buildings are giant IoT devices begging to get hacked. A new report offers concrete advice on how to mitigate the risk to building automation and control systems (BACS).

News Analysis

Why abandoned domain names are so dangerous

Abandoned domain names are low-hanging fruit for attackers, who can use them to access sensitive email or customer data.

News Analysis

Traveling to China for work? Punch through the Great Firewall and securely connect with your home office

Security is not just about confidentiality and integrity. It's also about availability. The new partnership between Wickr and Psiphon is worth a look for global enterprises with traveling employees.

News Analysis

Bug bounties offer legal safe harbor. Right? Right?

Bug bounties are all the rage, but many programs do not offer legal safe harbor to good-faith security researchers who wish to report security issues. Caveat bug finder.

News Analysis

Do you need a vulnerability disclosure program? The feds say yes

The FTC and DOJ are pushing companies to provide a means for good-faith security researchers to report bugs and put effective processes in place to act on those reports.

Popular Resources

White Paper

2018 Networking and Security Trends Report: From Data Centers to Centers of Data
White Paper

Manage the Business, Not the Printer
White Paper

Optimize Your PC Lifecycle Management
White Paper

Is Your IT Spend Aligned with Your Business
Video/Webcast
Sponsored

Multi-Cloud Cost Optimization with Nutanix Beam

See All