Loose Leaf Security Weekly, Issue 11

Hello! The chill in New York provided us the perfect excuse to curl up with a blanket and a pot of tea while making sure the last of our accounts with an authenticator app as a second factor had those authenticator apps configured on both our current phones and backup phones. One of Liz's accounts is an unused Snapchat namespace grab (an account that goes entirely unused but exists so no one else can use Liz's most commonly used username), and Liz was particularly unhappy to have to download the Snapchat app and temporarily give it camera access just to reconfigure two-factor authentication.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

If you want to upload a photo from your phone to a service like social media or email, there are usually two ways to do it: you can open the service's app and access your photo library or camera from there, or you can take a photo and use your phone's "Share" feature to send it to the service. Sharing a photo via the first approach will often prompt you to give the app direct access to …

Continue reading…

Loose Leaf Security Weekly, Issue 10

Hello again! As the sun rises later and later each day, we're finding ourselves really appreciating the value of a cup of hot tea in the morning - nothing fancy or elaborate, just plain, good tea before we head out the door. In the same way, as the internet gets more dangerous and new threats are discovered each day, we're appreciating the value of security basics, like strong passwords in a password manager. Two of today's stories cover new reports of attacks where giving each site a unique, strong password would have kept you safe.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

We've talked before about how useful computer backups can be, and we've also talked about the risk of social media companies disabling your account without warning. In addition to backups of your computer, it's useful to have backups of your social media data. If you ever lose access to your account for any reason, you won't lose access to any photos or posts you only posted to social media.

Many social media sites make it easy to download your data, including Facebook, Instagram, and Twitter. There's …

Continue reading…

Loose Leaf Security Weekly, Issue 9

Happy Friday! We hope you had a good Halloween and didn't get any candies laced with marijuana as police departments had been warning about - but of course you didn't, it's an urban legend, much like the fears from a few decades ago about candies with razor blades inside. Even police departments sending out these warnings have no record of it happening, and a bit of common sense shows why not: "edibles" are far too expensive for anyone to want to give out for free, and they also look nothing like children's candy. From a computer security perspective, we'd say that this worry demonstrates a lack of realistic threat modeling and an undeserved fear of the spookiest and scariest risks, without assessing how likely they are.

Threat modeling is, essentially, a systematic approach to determining what can go wrong and what we're going to do to protect ourselves. The first step is to accurately describe what we want to protect and who we're protecting against. (Criminal justice professor Joel Best tracks reported stories of drugs and harmful objects in Halloween candy, many of which turn out to have nothing to do with Halloween - for instance, after a 1970 tragedy where a …

Continue reading…

Loose Leaf Security Weekly, Issue 8

Did you know that October is National Cybersecurity Awareness Month? We just found out, though we try to be aware of cybersecurity all the time. It feels a lot like having a tea month when you could be drinking delicious tea all year. (Did you know that January is National Hot Tea Month?)

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

If you ever get a pick up a call and the caller asks you for personal information like a password, two-factor code, social security number, or even your address, you should hang up. If they say they're from a bank you have accounts with, an online shopping service you use, or something else that sounds important, look up their main number yourself and call there to ask if there's anything on your account that requires attention. If you don't know the right phone number, look it up on their website over a secure HTTPS connection - don't just trust numbers aggregated into search results - and if there's another canonical place to find it, like the back of credit or debit cards, you can verify that's a reasonable number …

Continue reading…

Loose Leaf Security Weekly, Issue 7

Good afternoon! Today, we're taking a look at some security news from around the world. China and India, which are ramping up facial recognition, also happen to be two of the world's major tea producers. Meanwhile, activists in Morocco were targeted by advanced phone malware. Morocco doesn't have a climate to grow the tea plant, but they import green tea and brew it with native spearmint to make a mint tea. Delicious!

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

Have I Been Pwned is a volunteer-run service from security professional Troy Hunt that tracks breaches and compromises ("pwning" in hacker-speak) of websites that leak personal information. You can see known breaches that have involved your email address there. In some cases, these breaches only include email addresses, which you may be less concerned about - especially if your email address is already public like ours are. However, if you see "Compromised data: Passwords," you should definitely make sure you've changed your password for that account since the breach. (If you aren't sure, update it again just in case.)

You can also sign up for future breach alerts: whenever …

Continue reading…