Welcome!

Loose Leaf Security is an independently produced podcast from Liz Denys and Geoffrey Thomas about making good computer security practice for everyone. We believe you don't need to be a software engineer or security professional to understand how to keep your devices and data safe. In every episode, we break down complex digital security and privacy topics into accessible primers and practical takeaways.

You can find Loose Leaf Security on many podcast clients or stream our episodes in your web browser. You can also follow us on Twitter, Instagram, and Facebook.

In addition to podcast episodes, we'll also be covering some security- and privacy-related topics in blog-style articles, where we can go into more detail than we could in an episode. We also send out a weekly newsletter that includes a practical tip about improving your personal digital security, short summaries of relevant security news, and any thought-provoking articles we've seen about digital privacy and security.

If you're new to Loose Leaf Security, you might want to check out our archives for some suggestions on where to start and a complete list of our episodes, articles, and reference materials.

Our latest episode:

Covering your webcams

Liz and Geoffrey take a look at how attackers compromise webcams and discuss why it's worth physically covering them. Malware and alleged threats of malware are only some of the avenues attackers take to access other people's webcams; vulnerabilities in legitimate software, like the recent Zoom security flaw, can also be exploited. Additionally, sharing ownership of your devices with another party like your school district or workplace may leave you and your webcams exposed. In the news, the FTC fines Facebook, weaknesses in Apple's iMessage and Visual Voicemail, and U2F support added to Firefox for Android.

Covering your webcams episode art

Continue reading for the show notes and complete transcript…

Other recent episodes:

  • Password managers: how they should work and when they didn't: Liz and Geoffrey discuss password manager extensions in depth: everything from how they keep your passwords safe from malicious websites to how they sync your passwords between your devices to how they've made mistakes in the past. If you haven't… (June 27, 2019)
  • Two-factor tidying: With a wide variety of possible two-factor authentication methods, it's difficult to keep track of which ones you're using - and which ones you could be using. Liz and Geoffrey talk about their personal strategies and how to handle difficult cases… (May 16, 2019)
  • Using a password manager effectively: In a deeper exploration of password manager browser extensions and features for sharing as well as a survey of alternatives to password managers, Liz and Geoffrey go back to the topic of Loose Leaf Security's very first episode and discuss how… (March 20, 2019)

See all of our episodes sorted by release date, most recent first.

Our latest article:

Loose Leaf Security Weekly, Issue 18

It's been a busy week in security news, with another reason to avoid SMS-based two-factor authentication and another reason to apply software updates as soon as you can - even on your cable modem. There's good news too, though: ad tracking has gotten significantly less effective, and Google has introduced a new way to secure your account. Also, waiting for software updates is the perfect excuse to make a pot of tea.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

One of our stories this week is new research about ways that attackers can trick your cell phone company into moving your account over to your device, an attack often called "SIM-swapping" or "SIM-jacking." Even apart from this risk, there are good reasons to prefer non-SMS-based two-factor authentication methods. The SMS protocol itself is insecure, and it's not outside the realm of possibility that an attacker could eavesdrop on a text message being sent to you. (We haven't seen any websites offer to send two-factor codes via end-to-end encrypted protocols like iMessage or Signal.) For methods other than SMS, you're usually able to set up multiple two-factor authentication mechanisms …

Continue reading…

Other recent articles:

  • Loose Leaf Security Weekly, Issue 17: Happy 2020! Neither of us is particularly the type to make New Year's resolutions, which makes sense since security is a year-round, all the time concern. Let's get to it. If someone forwarded this to you, you can sign up yourself at… (January 12, 2020)
  • Loose Leaf Security Weekly, Issue 16: Last night was the solstice, the longest night of the year. Over the next six months, the days will get longer - unless, of course, you're in the southern hemisphere, when it was the summer solstice, the shortest night of the year. Still, day or… (December 22, 2019)
  • Loose Leaf Security Weekly, Issue 15: It's finally snowing (at least where we are), and soon there will be enough snow to build a snowman. Be careful with giving your snowman a corncob pipe and a button nose, though. Those distinctive features can be easily identified by facial… (December 14, 2019)

See all of our articles sorted by release date, most recent first.