Loose Leaf Security

Liz and Geoffrey take a look at how attackers compromise webcams and discuss why it's worth physically covering them. Malware and alleged threats of malware are only some of the avenues attackers take to access other people's webcams; vulnerabilities in legitimate software, like the recent Zoom security flaw, can also be exploited. Additionally, sharing ownership of your devices with another party like your school district or workplace may leave you and your webcams exposed. In the news, the FTC fines Facebook, weaknesses in Apple's iMessage and Visual Voicemail, and U2F support added to Firefox for Android.Show notes, timeline, and full transcript on looseleafsecurity.com

Liz and Geoffrey discuss password manager extensions in depth: everything from how they keep your passwords safe from malicious websites to how they sync your passwords between your devices to how they've made mistakes in the past. If you haven't picked a password manager yet, this hard look into the security records of popular password managers sheds light on which companies have earned your trust, but even if you're a long-time password manager user, knowing about their usual pitfalls helps keep you safe from potential future issues. Also, the new iOS 13 has a variety of security implications, and Firefox and Chrome change third-party cookie settings.Show notes, timeline, and full transcript on looseleafsecurity.com

With a wide variety of possible two-factor authentication methods, it's difficult to keep track of which ones you're using - and which ones you could be using. Liz and Geoffrey talk about their personal strategies and how to handle difficult cases like custom authenticator apps. In recent news, there's improvements to using security keys with Google accounts and some surprises with automatic updates.Show notes, timeline, and full transcript on looseleafsecurity.com

In a deeper exploration of password manager browser extensions and features for sharing as well as a survey of alternatives to password managers, Liz and Geoffrey go back to the topic of Loose Leaf Security's very first episode and discuss how password managers keep them safe in practice. In the news, a research firm makes dramatic claims about password manager security, and Facebook expands data tracking in worrisome ways.Show notes, timeline, and full transcript on looseleafsecurity.com

Liz and Geoffrey take a closer look at the security of checks and bank account numbers - a timely topic after a fraudster attempted to steal thousands of dollars from Liz with a counterfeit check - and also at mobile banking, cash transfer apps, and a bit more about credit cards. Plus, better encryption for Android, a major FaceTime bug, and practical lessons from Wells Fargo's day-long outage.Show notes, timeline, and full transcript on looseleafsecurity.com

An important part of your personal digital security is making sure your credit and debit cards are secure. In this episode, Liz and Geoffrey take a look at how attackers clone credit and debit cards, how newer cards resist these attacks, whether it's safer to use mobile payment apps, and how to keep an eye on your credit reports. Also, cell phone carriers continue to sell your location data, and phishing attacks against accounts with two-factor auth have become more powerful.Show notes, timeline, and full transcript on looseleafsecurity.com

In a special holiday episode, Liz and Geoffrey take a look at some recent security stories in more detail, from surveillance databases facilitating identity theft to unexpected facial recognition at concerts to changes in the meaning of social network activity. They also discuss how to properly secure high-value apps on your phone and some of their own plans to improve their security over winter break.Show notes, timeline, and full transcript on looseleafsecurity.com

From the fancy new USB-C or Thunderbolt ports on your laptop to the software and settings that came with your operating system, there are a lot of potential security concerns with recent computers. Liz and Geoffrey finish up their series on desktop and laptop security by looking at some of the latest threats - and why computers with old-style USB ports aren't much safer. Plus, some new scams to avoid and the scoop on some juicy internal Facebook documents.Show notes, timeline, and full transcript on looseleafsecurity.com

Malware, viruses, worms, adware - whatever you call them, you don't want them on your computer. But how do you keep them away? We take a look at the surprisingly involved process of downloading software from a trustworthy source, as well as the history of why desktop OSes are so vulnerable. Also, Liz talks Geoffrey out of running for office in Japan.Show notes, timeline, and full transcript on looseleafsecurity.com

Backups are an important part of keeping your devices secure - as mentioned last episode, backups not only help with lost devices but also let you easily and confidently wipe a compromised computer and get back to work quickly. Liz and Geoffrey take a look at different types of backups, including cloud versus local backups.Show notes, timeline, and full transcript on looseleafsecurity.com

Liz and Geoffrey are back with a look at physical computer security - just how much trouble could someone cause if they got access to your laptop for a few minutes? - and what sorts of problems disk encryption can and cannot solve. Also, security issues at popular social media services cause trouble for 90 million Facebook users and every Google+ user.Show notes, timeline, and full transcript on looseleafsecurity.com

Digital photos contain more than meets the eye: they have metadata and other hidden information that can compromise your privacy. Liz and Geoffrey take a look at Exif metadata and other non-obvious ways that photos from your phone or camera might be sharing more than they want. Also, the new iOS 12 has some neat security features, and Yahoo! Mail has some not-so-neat privacy concerns.Show notes, timeline, and full transcript on looseleafsecurity.com

As a change of pace, Liz and Geoffrey take a look back at security incidents in their own lives and talk about lessons they've learned - why phone backups are important, an unintentional security hole, and a security key gone rogue. In security news, the GDPR results in mildly positive changes for web tracking, and Fortnite's installer has exactly the vulnerability we were afraid of.Show notes, timeline, and full transcript on looseleafsecurity.com

In the third and last episode in the series on web security, Liz and Geoffrey look at HTTPS and how it keeps your web browsing both private and secure, and they also investigate private browsing or incognito mode and what exactly that mode does for your privacy. Plus, a new version of the protocol behind HTTPS and the latest Android release are cause for celebration, while Facebook and Google's approaches to data privacy are cause for concern.Show notes, timeline, and full transcript on looseleafsecurity.com

Continuing our exploration of web browser security from last episode, Liz and Geoffrey look into cookies, JavaScript, extensions, and plugins and discuss how best to mitigate their privacy and security risks while browsing the web. Plus, a serious Reddit breach provides a timely reminder to toughen your two-factor.Show notes, timeline, and full transcript on looseleafsecurity.com

The web can be a scary place - but once you get to know it a little better, it doesn't feel as scary. Liz and Geoffrey go back to 1990 to figure out how the web came to be what it is today and discuss how browsers keep us safe. Also, two very good improvements to HTTPS in today's version of Chrome, and the future of Android security just got a whole lot more complicated.Show notes, timeline, and full transcript on looseleafsecurity.com

Considering buying a new phone? Liz and Geoffrey compare the different security models of Android and iOS, the two most popular smartphone options on the market. We also talk about California's new privacy law, a number of recent attacks on cell phones, and how Tinder swiped left on bad crypto.Show notes, timeline, and full transcript on looseleafsecurity.com

We take our phones everywhere and trust them with a lot of sensitive information, but have we put enough thought into how to secure them? Liz and Geoffrey discuss different aspects of securing the smartphone you have, including passcodes, location services, notifications, and digital voice assistants. Plus, a question from a caller and a major Supreme Court decision!Show notes, timeline, and full transcript on looseleafsecurity.com

Last time we talked about strong passwords, but what if there was a better way to secure your account? We look at options for two-factor authentication, including text messages, apps, and security keys. Plus, security news from Apple, one of Liz's accounts got breached, and Geoffrey wants to celebrate a special birthday.Show notes, timeline, and full transcript on looseleafsecurity.com

You've heard for years about how to come up with strong passwords, but are those guidelines really true? Liz and Geoffrey talk about new risks to your online accounts, especially with the news of clear-text passwords being mishandled at Twitter and GitHub, and whether you should trust a password manager to solve all your password problems for you. Plus, what's happening to the green lock icon in Chrome, and should you worry about EFAIL?Show notes, timeline, and full transcript on looseleafsecurity.com