J.M. Porup

Senior Writer

J.M. Porup has been a security geek since 2002, when he got his first job in IT. Since then he's covered national security and information security for a variety of publications, and now calls CSOonline home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent.

“Everything is fine” vs. “we’re doomed” isn’t the way to frame election security

The extremes of despair and optimism are both dangerous to information security. What we need to do is calmly assess the threats.

What is Wireshark? What this essential troubleshooting tool does and how to use it

Wireshark is a must-have (and free) network protocol analyzer for any security professional or systems administrator. It's like Jaws, only for packets.

Are mixnets the answer to anonymous communications?

Combined with strong encryption such as the Signal protocol, modern mixnets could achieve the Holy Grail: metadata-resistant secure communications.

Hacking smart buildings

Smart buildings are giant IoT devices begging to get hacked. A new report offers concrete advice on how to mitigate the risk to building automation and control systems (BACS).

Why abandoned domain names are so dangerous

Abandoned domain names are low-hanging fruit for attackers, who can use them to access sensitive email or customer data.

Traveling to China for work? Punch through the Great Firewall and securely connect with your home office

Security is not just about confidentiality and integrity. It's also about availability. The new partnership between Wickr and Psiphon is worth a look for global enterprises with traveling employees.

Bug bounties offer legal safe harbor. Right? Right?

Bug bounties are all the rage, but many programs do not offer legal safe harbor to good-faith security researchers who wish to report security issues. Caveat bug finder.

Do you need a vulnerability disclosure program? The feds say yes

The FTC and DOJ are pushing companies to provide a means for good-faith security researchers to report bugs and put effective processes in place to act on those reports.

Can cyber insurance cover acts of cyber terrorism?

Cyber insurance policies do not typically cover physical destruction or loss of life, but the UK government-backed reinsurer, Pool Re, announced this year it will cover acts of cyber officially deemed "terrorism" by Her Majesty's...

What is the Tor Browser? How it works and how it can help you protect your identity online

The Tor Browser is a web browser that anonymizes your web traffic using the Tor network, making it easy to protect your identity online.

Duty of care: Why (and how) law firms should up their security game

Lawyers have been slow to adopt modern technology — and even slower to respond to security threats. That may be changing.

What is a zero-day exploit? A powerful but fragile weapon

A zero-day is a security flaw that has not yet been patched by the vendor and can be exploited. These vulnerabilities fetch high prices on the black market.

Does cyber insurance make us more (or less) secure?

Underwriting cyber risk remains more art than science, but in the absence of regulation, cyber insurance might still be the best hope for improving cybersecurity practices across the board — at least for now.

Information security in a war zone: How the Red Cross protects its data

The International Committee of the Red Cross faces unique and extreme security threats across the globe. Technology is not always the best defense.

Scapegoating security researchers harms society

Want your government to stop punishing the security community for its own lapses? Become a better teacher and advocate for what you do.

GreyNoise: Knowing the difference between benign and malicious internet scans

Used with Shodan, this "search engine that looks at people scanning the internet" can help you pick bad actors out of the noise.

Katie Moussouris: It’s dangerous to conflate bug bounties and vulnerability disclosure

“There are two extremes right now: no idea where to start or do a bug bounty,” says Moussouris, who built Microsoft's vulnerability disclosure program.

Georgia governor vetoes bill that would criminalize good-faith security research, permit vigilante action

Veto comes in response to overwhelming criticism from industry. Georgia cybersecurity folks had been outraged about SB 315, and warned that it could cost the state jobs.

Online voting is impossible to secure. So why are some governments using it?

If you thought electronic voting machines were insecure, wait 'til you meet online voting. Dr. Vanessa Teague has twice demonstrated massive security flaws in online voting systems. Instead of fixes and support, she got official...

What is cross-site scripting (XSS)? Low-hanging fruit for both attackers and defenders

With XSS, attackers enter malicious code into a web form or web app URL to trick the application into doing something it's not supposed to do.
