Loose Leaf Security Weekly, Issue 1

Welcome to Loose Leaf Security's newsletter! Every week, we'll include short takes on interesting security news and summaries of any new Loose Leaf Security content. We're really glad you're here.

In a few of the stories below, we're linking to past episodes on certain topics - if you're here because your favorite type of podcast is the kind you can read, don't worry, our episodes always have both full transcripts and show notes on the web page.

-Liz & Geoffrey

P.S. If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

New from Loose Leaf Security

New episode, "Covering your webcams": Liz and Geoffrey take a look at how attackers compromise webcams and discuss why it's worth physically covering them. Malware and alleged threats of malware are only some of the avenues attackers take to access other people's webcams; vulnerabilities in legitimate software, like the recent Zoom security flaw, can also be exploited. Additionally, sharing ownership of your devices with another party like your school district or workplace may leave you and your webcams exposed. In the news, the FTC fines Facebook, weaknesses in Apple's iMessage and Visual Voicemail, and U2F support added to …

Continue reading…

Instagram 'Unusual Login Attempt' verification loop failures

In addition to podcast episodes, we'll also be covering some security- and privacy-related topics in blog-style articles, where we can go into more detail than we could in an episode. This is our first article, a deeper dive into a strange problem with Instagram logins that Liz ran into recently. Stay tuned for both upcoming posts and podcast episodes!

Liz's experiences with "Unusual Login Attempt" verification loop failures

Last week, I got locked out of my personal Instagram account for about an hour. Here's what happened and how I found another way back in.

On August 2, 2019, I logged into my personal Instagram account on my laptop and changed the password as a part of my routine security checkup. As I also post to another Instagram account, namely @looseleafsecure, I logged out after changing my personal account's password to update that account's password as well. After updating @looseleafsecure's password, I logged out and attempted to log back into my personal Instagram account. For whatever reason, I believe the 1Password extension autofilled my old password - my new password was longer than my old password, and I remember the dots representing hidden character covering less of the text field than I …

Continue reading…