Don't abandon that domain name
Penny-wise, pound-foolish: Letting old domain names expire might save a few bucks a year, but lets attackers register your old domain and pretend to be you.
J.M. Porup | 27 Aug | Read more
Stories by J.M. Porup
Traveling to China for work? Punch through the Great Firewall and securely connect with your home office
Security is not just about confidentiality and integrity. It's also about availability. The new partnership between Wickr and Psiphon is worth a look for global enterprises with traveling employees.
J.M. Porup | 23 Aug | Read more
Do you need a vulnerability disclosure program? The feds say yes
The FTC and DOJ are pushing companies to provide a means for good-faith security researchers to report bugs and put effective processes in place to act on those reports.
J.M. Porup | 07 Aug | Read more
What are deepfakes? How and why they work
Once the bailiwick of Hollywood special effects studios with multi-million-dollar budgets, now anyone can download deepfake software and use machine learning to make believable fake videos. This makes a lot of people nervous.
J.M. Porup | 31 Jul | Read more
What is the Tor Browser? How it works and how it can help you protect your identity online
The Tor Browser is a web broswer that anonymizes your web traffic using the Tor network, making it easy to protect your identity online.
J.M. Porup | 12 Jul | Read more
Duty of care: Why (and how) law firms should up their security game
Lawyers have been slow to adopt modern security technology — and even slower to respond to security threats. That may be changing.
J.M. Porup | 10 Jul | Read more
What is a zero-day exploit? A powerful but fragile weapon
A zero-day is a security flaw that has not yet been patched by the vendor and can be exploited. These vulnerabilities fetch high prices on the black market
J.M. Porup | 25 Jun | Read more
Does cyber insurance make us more (or less) secure?
Underwriting cyber risk remains more art than science, but in the absence of regulation, cyber insurance might still be the best hope for improving cybersecurity practices across the board — at least for now.
J.M. Porup | 18 Jun | Read more
What is Shodan? The search engine for everything on the internet
Defenders find this simple tool valuable for finding vulnerable devices attached to the web that need to be secured.
J.M. Porup | 31 May | Read more
What is cross-site scripting (XSS)? Low-hanging fruit for both attackers and defenders
With XSS, attackers enter malicious code into a web form or web app URL to trick the application into doing something it's not supposed to do.
J.M. Porup | 19 Apr | Read more
Voting machine vendor firewall config, passwords posted on public support forum
"This is gold" for a nation-state attacker that wanted to hack an election.
J.M. Porup | 05 Apr | Read more
Want to hack a voting machine? Hack the voting machine vendor first
How password reuse and third-party breaches leave voting machine vendors vulnerable to attack.
J.M. Porup | 30 Mar | Read more
1.4B stolen passwords are free for the taking: What we know now
The 2012 LinkedIn breach, along with other old third-party breaches, is still paying dividends for criminals, who now have free access to 1.4 billion previously exposed email addresses and passwords.
J.M. Porup | 29 Mar | Read more
8 security tools and tips for journalists
Journalists have a giant red target on their backs. How can we defend ourselves?
J.M. Porup | 21 Mar | Read more
Insecure by design: What you need to know about defending critical infrastructure
Patching is useless most of the time, industrial control systems (ICS) security expert tells Senate committee.
J.M. Porup | 07 Mar | Read more