J.M. Porup

Senior Writer

J.M. Porup has been a security geek since 2002, when he got his first job in IT. Since then he's covered national security and information security for a variety of publications, and now calls CSOonline home. He previously reported from Colombia for four years, where he wrote travel guidebooks to Latin America, and speaks Spanish fluently with a hilarious gringo-Colombian accent.

4 tips to mitigate Slack security risks

A Slack breach would be a nightmare in terms of exposed sensitive data. Here's how to lock down your Slack workspaces.

Three encrypted Slack alternatives worth a look

Slack is not end-to-end encrypted, leaving workplaces that use the popular collaboration tool vulnerable to both hackers and nation-state attacks. These encrypted alternatives will keep your team chats private.

What is Australia's AA Bill and how will it affect US companies?

Australia's new AA Bill turns Australian employees and vendors into a supply chain security risk.

Fear and loathing defending ICS security at DoE's CyberForce Competition

Defending critical infrastructure from determined attackers is not an easy task, CSO reporter J.M. Porup learned competing in the Department of Energy's CyberForce Competition 2018, a cyber security training initiative.

BlackBerry's acquisition of Cylance raises eyebrows in the security community

BlackBerry's move into the endpoint security game may create public safety issues, given the company's history with encryption backdoors, experts say.

Cylance researchers discover powerful new nation-state APT

A new APT, dubbed White Company, is flexing its muscle on the world stage, and it has security researchers worried.

Learn to play defense by hacking these broken web apps

OWASP's Broken Web Applications Project makes it easy to learn how to hack web applications--a critical skill for web application developers playing defense, junior penetration testers, and security-curious management.

What are deepfakes? How and why they work

Once the bailiwick of Hollywood special effects studios with multi-million-dollar budgets, now anyone can download deepfake software and use machine learning to make believable fake videos. This makes a lot of people nervous.

Doctored Jim Acosta video shows why fakes don’t need to be deep to be dangerous

White House promotion of an allegedly doctored press conference video shows how "shallow fakes" can manipulate opinion.

Critical authentication flaw in DJI drone web app fixed

Check Point researcher finds vulnerability that could have allowed attackers to spy on drone fleets in real time.

Burned malware returns, says Cylance report: Is Hacking Team responsible?

Burning malware forces attackers to evolve, not go away. Network defenders take note.

3 ways politicians could prevent voting machines from being hacked (if they wanted to)

The current state of voting security is laughably bad, but we know how to secure voting machines. The problem isn't technical, but a lack of political will.

What is Shodan? The search engine for everything on the internet

Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.

Bruce Schneier's Click Here to Kill Everybody reveals the looming cybersecurity crisis

Everything is broken, and government and corporations like it that way. But when people start dying because of insecure cyberphysical systems, the overreaction from panicked policymakers could be worse than after 9/11. We need to solve...

What is SQL injection? How SQLi attacks work and how to prevent them

SQL injection is a type of attack that can give an adversary complete control over your web application database by inserting arbitrary SQL code into a database query.

Hey Facebook: Quit discouraging people from using 2FA

Facebook is spying on user 2FA phone numbers to target them with ads. A non-trivial percentage of Facebook users will not use two-factor authentication as a result, a net loss to security.

“Everything is fine” vs. “we’re doomed” isn’t the way to frame election security

The extremes of despair and optimism are both dangerous to information security. What we need to do is calmly assess the threats.

What is Wireshark? What this essential troubleshooting tool does and how to use it

Wireshark is a must-have (and free) network protocol analyzer for any security professional or systems administrator. It's like Jaws, only for packets.

Are mixnets the answer to anonymous communications?

Combined with strong encryption such as the Signal protocol, modern mixnets could achieve the Holy Grail: metadata-resistant secure communications.

Hacking smart buildings

Smart buildings are giant IoT devices begging to get hacked. A new report offers concrete advice on how to mitigate the risk to building automation and control systems (BACS).
