

J.M. Porup
Senior Writer
J.M. Porup got his start in security working as a Linux sysadmin in 2002. Since then he's covered national security and information security for a variety of publications, and now calls CSO Online home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent. He holds a Masters degree in Information and Cybersecurity (MICS) from UC Berkeley.

How and why deepfake videos work — and what is at risk
Once the bailiwick of Hollywood special effects studios with multi-million-dollar budgets, now anyone can download deepfake software and use machine learning to make believable fake videos. This makes a lot of people nervous.

8 video chat apps compared: Which is best for security?
Zoom, Microsoft Teams, Google Duo, Cisco Webex, FaceTime, Jitsi, Signal and WhatsApp. What does their encryption look like? What are the trade-offs?

11 penetration testing tools the pros use
Pentesting is a simulated cyber attack where professional ethical hackers break into corporate networks to find weaknesses ... before attackers do.

11 top DEF CON and Black Hat talks of all time
Hacker summer camp is almost upon us again. Here are some of the best talks of all time. Will this year's virtual talks measure up to these legends?

Why abandoned domain names are so dangerous
Abandoned domain names are low-hanging fruit for attackers, who can use them to access sensitive email or customer data.

Should you deploy a TLS 1.3 middlebox?
Organizations moving to the TLS 1.3 protocol must decide whether to deploy middleboxes that intercept network traffic for greater visibility, but doing so presents security and regulatory risks.

5 examples of security theater and how to spot them
Security theater is a term coined by Bruce Schneier to describe security measures that satisfy our emotional need to take action, but don’t actually improve security. Rooting these out can save considerable time and money -- and make...

Hashcat explained: How this password cracker works
Hashcat is a popular and effective password cracker widely used by both penetration testers and sysadmins as well as criminals and spies. At its most basic level, hashcat guesses a password, hashes it, and then compares the resulting...

Make simple software security checks part of your purchasing process
A few hours of due diligence when evaluating software for purchase is cheaper than incident response clean up.

Email spoofing explained: Who does it and how?
Forging email has been with us since the beginning of the internet, but new security kludges are making it a lot harder.

12 cheap or free cybersecurity training resources
Got time on your hands during the COVID-19 crisis? Here are some great free or cheap resources to add new cybersecurity skills to your resume.
-
eBook
Sponsored -
White Paper
-
White Paper
-
Solution Brief
Sponsored -
Analyst Report
Sponsored