Loose Leaf Security Weekly, Issue 25

We're a bit sad to admit daylight saving time caught us both by surprise on Sunday, but hopefully, security issues won't catch you by surprise because you read this newsletter.

If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

Tip of the week

Strong passwords and two-factor authentication aren't just for the accounts you use every day. If you've got an old, inactive account that you're keeping around, it's worth making sure you remain in control of it. There's probably still data in it that you want to keep private, and as we cover in one of our stories this week, old accounts with weak passwords are an attractive target for hackers who resell established accounts to get around spam filters. Many sites have added stronger forms of two-factor authentication in the last few years, and for those of you who only started using a password manager recently, you probably have weak passwords for the accounts that you set up a while ago. See if there are accounts you haven't logged into in a while (old email addresses, social media services that you haven't kept up with) and bring them up to your …

Loose Leaf Security Weekly, Issue 24

Happy March, or as at least one Excel spreadsheet put it, "Maruary."

Tip of the week

Location data can be used for a lot more than just helping you get where you need to go or find a nearby tea shop: apps can sell your location data to both advertisers and the government. A few weeks ago, we mentioned that we've both tried turning location data off for every app we use to see if we actually felt like we benefited from those apps having access to our real-time locations. We recommend everyone try this - it's the best way to truly see if you need to give an app location data.

You may find that some apps work better for you with location data on, and for those apps, we'd recommend limiting their access as much as possible. (You likely don't need an app to have access to your location all the time.) If you're on iOS, you can even have an app ask for permission to get your location every time it needs it if you choose "Ask next time." We've had …

Loose Leaf Security Weekly, Issue 23

Happy Sunday! Today we've got tips on how to stay safe on public wifi and how to keep your Twitter account safe from your former employer. We hope you're enjoying your newsletter - if you are, tell your friends to sign up too, because good digital security and privacy is for everyone!

Tip of the week

While the web as a whole is steadily moving towards HTTPS, the encrypted and authenticated version of HTTP that makes sure that data sent from or to websites can't be intercepted or tampered with, there are still a few good reasons to use the HTTPS Everywhere extension from the Electronic Frontier Foundation, available for Chrome, Firefox, and Opera. HTTPS Everywhere was built back when many websites supported HTTPS but didn't use it by default, and while that's much less common nowadays, upgrading you to HTTPS when available is still somewhat useful. The extension has another useful option, though: the "Encrypt All Sites Eligible (EASE)" mode, or as we like to call it, "HTTP nowhere." With EASE mode enabled, the extension will prevent you from visiting unencrypted HTTP sites. If the site …

Loose Leaf Security Weekly, Issue 22

Happy (belated) Valentine's Day! Roses are red, violets are blue, I'm glad we use end-to-end encryption, so no one sees my love note but you.

Tip of the week

Automatic, regular backups are great for getting back to work quickly when something happens to your computer, phone, or tablet, but it's also important to back up important files separately. If an important file is only in your regular, automatic backups, you could find yourself without information you need if you accidentally delete it and don't notice until after the oldest automatic backup containing it gets replaced. You're also protected from malware deleting an important file, like in one of the stories we're covering later in this newsletter.

You don't necessarily need a separate cloud storage account or separate hard drives for manual backups of important data, though it doesn't hurt to keep them as separated as is practical for your workflow. Even if you aren't using different accounts or hard drives for these manual backups, you do want to make sure you're storing the backups of these files in places you won't accidentally overwrite …

Loose Leaf Security Weekly, Issue 21

Happy Monday! One of our stories this week discusses the use of "cell-site simulators" or "IMSI-catchers," small devices that can trick cell phones into connecting to them instead of to actual cell towers. They're an increasingly popular law-enforcement tool, but they're also entirely too easy for casual attackers to build. In addition to detecting your location, cell-site simulators can intercept and spoof SMS messages.

Tip of the week

It's a good idea to use "end-to-end encrypted" messaging platforms whenever you can. Most chat systems besides SMS encrypt messages on the way to their servers, but end-to-end encrypted systems also make sure that even their servers can't see your conversations, only the ends can. This makes sure your messages can't be seen by anyone else, whether they've got a cell-site simulator or some sort of access to your chat system's servers. Options include Apple's iMessage (which unfortunately only works on Apple phones), Open Whisper Systems' Signal, and Facebook's WhatsApp, which uses the same cryptography as Signal. Even the US military suggested their users use Signal or Wickr, another end-to-end encrypted messenger, in place of SMS …