It's been a bit since our last newsletter, sorry - we're both doing well, but just about everything's been disrupted. If you've been applying software updates regularly, you've got about half of what we were going to talk about, but read on for the other half of all the security news from the last few weeks.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

If you have any automatic payments or saved payment methods for any of your accounts, it's worth keeping track of which payment methods are connected to which accounts. That way, when one of those accounts is breached, you can both contact the issuers for any associated payment methods and also quickly switch payment methods on any other accounts that used that one so you don't accidentally forget to pay a bill or renew a service you rely on. Since breaches are unfortunately a matter of "when," not "if," it's a lot easier to not have to track down all accounts that rely on a payment method that's involved in a breach. This is also helpful if one of your credit or debit card numbers is …

Continue reading…

Today's newsletter has a new section: "We are once again asking you to take software updates." A lot of our news stories are primarily straightforward reminders to take these important software updates ASAP because they're a vital part of keeping your devices secure and personal information private, and we don't want those reminders to get buried if you're not planning on reading the newsletter all at once. Also, if you know you're already really on top of taking software updates, it's easy to skip past that section to get straight to other types of stories.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

Last time, we discussed some possible ways to protect yourself from an employer or a school who wants you to install monitoring software on your personal computer. They've been in the news more of late, and with exam season coming up, schools are likely going to be asking for additional monitoring software, which might be more access than you want to give them.

In addition to the approaches we mentioned, another good option is to make a separate, non-admin user account on your computer for …

Continue reading…

Happy April! Though the world around us seems to be on hold in many ways, security and privacy news isn't slowing down - we're pretty happy to see lots of media attention on Zoom, which we discuss in detail in this newsletter. Also, attackers and miscreants can do their work just as well from home, so there's been no shortage of security updates.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

Among the many types of corporate misbehavior in response to the pandemic is a sudden popularity of software that spies on your personal computer to "ensure" that you're still working. We discussed this sort of thing in our episode "Covering your webcams," in which we also covered the case of a school district that had installed camera-monitoring software on the laptops they sent home with students. Another common case of remote-monitoring spyware is for so-called "online proctored" exams: schools and colleges are often requiring students to install software that both watches their activity on the computer and watches them by webcam. In the episode, we suggested that - if possible - we'd try to get a work-owned or school-owned laptop …

Continue reading…

Hello again! We hope you're staying safe and healthy, wherever you are.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

Many of us are starting to do our work over videoconferencing tools, and last week, we mentioned our episode "Covering your webcams" for tips on preventing applications from taking video of you without your awareness. This week, we'd like to call special attention to why you'd want to keep your webcam covered: in addition to the risk of malware taking video of you, well-intentioned apps can also start video calls before you've clicked to accept them, and you may not necessarily want your coworkers to see you (or your family or your pets) until you're ready to join the call. In particular, the very popular videoconferencing service Zoom had exactly this problem until last year. First, for "convenience," the desktop app had an option to start calls automatically when you clicked a link instead of waiting for you to press a button. Second, even when it was uninstalled, the app would leave behind a little agent that would automatically reinstall it the next time you clicked on a …

Continue reading…

We're sorry this week's newsletter is a bit late - the two of us haven't been able to meet up in person because we've been practicing "social distancing" to help contain the novel coronavirus, and we're still adjusting to working remotely and staying at home. It's not as straightforward as the old way of doing things, but it's an important step to take to limit the potential impact of the disease. In a sense, it's basically the human version of sandboxing, which limits the spread of computer viruses and other malware. While it would be easier if mobile apps and web pages could just directly access each other's files, cookies, and other data, sandboxing requires that you specifically share the things you want to share between apps and therefore makes it harder for malware to directly move between apps. As with humans, containing the spread of a virus also makes it a lot easier to recover from an outbreak - it's easier to deal with a single infected or compromised app than recover from every app on your device being infected at the same time.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip …

Continue reading…