Loose Leaf Security Weekly, Issue 28

Happy April! Though the world around us seems to be on hold in many ways, security and privacy news isn't slowing down - we're pretty happy to see lots of media attention on Zoom, which we discuss in detail in this newsletter. Also, attackers and miscreants can do their work just as well from home, so there's been no shortage of security updates.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

Among the many types of corporate misbehavior in response to the pandemic is a sudden popularity of software that spies on your personal computer to "ensure" that you're still working. We discussed this sort of thing in our episode "Covering your webcams," in which we also covered the case of a school district that had installed camera-monitoring software on the laptops they sent home with students. Another common case of remote-monitoring spyware is for so-called "online proctored" exams: schools and colleges are often requiring students to install software that both watches their activity on the computer and watches them by webcam. In the episode, we suggested that - if possible - we'd try to get a work-owned or school-owned laptop …

Loose Leaf Security Weekly, Issue 27

Hello again! We hope you're staying safe and healthy, wherever you are.

Tip of the week

Many of us are starting to do our work over videoconferencing tools, and last week, we mentioned our episode "Covering your webcams" for tips on preventing applications from taking video of you without your awareness. This week, we'd like to call special attention to why you'd want to keep your webcam covered: in addition to the risk of malware taking video of you, well-intentioned apps can also start video calls before you've clicked to accept them, and you may not necessarily want your coworkers to see you (or your family or your pets) until you're ready to join the call. In particular, the very popular videoconferencing service Zoom had exactly this problem until last year. First, for "convenience," the desktop app had an option to start calls automatically when you clicked a link instead of waiting for you to press a button. Second, even when it was uninstalled, the app would leave behind a little agent that would automatically reinstall it the next time you clicked on a …

Loose Leaf Security Weekly, Issue 26

We're sorry this week's newsletter is a bit late - the two of us haven't been able to meet up in person because we've been practicing "social distancing" to help contain the novel coronavirus, and we're still adjusting to working remotely and staying at home. It's not as straightforward as the old way of doing things, but it's an important step to take to limit the potential impact of the disease. In a sense, it's basically the human version of sandboxing, which limits the spread of computer viruses and other malware. While it would be easier if mobile apps and web pages could just directly access each other's files, cookies, and other data, sandboxing requires that you specifically share the things you want to share between apps and therefore makes it harder for malware to directly move between apps. As with humans, containing the spread of a virus also makes it a lot easier to recover from an outbreak - it's easier to deal with a single infected or compromised app than recover from every app on your device being infected at the same time.

Tip …

Loose Leaf Security Weekly, Issue 25

We're a bit sad to admit daylight saving time caught us both by surprise on Sunday, but hopefully, security issues won't catch you by surprise because you read this newsletter.

Tip of the week

Strong passwords and two-factor authentication aren't just for the accounts you use every day. If you've got an old, inactive account that you're keeping around, it's worth making sure you remain in control of it. There's probably still data in it that you want to keep private, and as we cover in one of our stories this week, old accounts with weak passwords are an attractive target for hackers who resell established accounts to get around spam filters. Many sites have added stronger forms of two-factor authentication in the last few years, and for those of you who only started using a password manager recently, you probably have weak passwords for the accounts that you set up a while ago. See if there are accounts you haven't logged into in a while (old email addresses, social media services that you haven't kept up with) and bring them up to your …

Loose Leaf Security Weekly, Issue 24

Happy March, or as at least one Excel spreadsheet put it, "Maruary."

Tip of the week

Location data can be used for a lot more than just helping you get where you need to go or find a nearby tea shop: apps can sell your location data to both advertisers and the government. A few weeks ago, we mentioned that we've both tried turning location data off for every app we use to see if we actually felt like we benefited from those apps having access to our real-time locations. We recommend everyone try this - it's the best way to truly see if you need to give an app location data.

You may find that some apps work better for you with location data on, and for those apps, we'd recommend limiting their access as much as possible. (You likely don't need an app to have access to your location all the time.) If you're on iOS, you can even have an app ask for permission to get your location every time it needs it if you choose "Ask next time." We've had …
