Welcome!

Loose Leaf Security is an independently produced podcast from Liz Denys and Geoffrey Thomas about making good computer security practice for everyone. We believe you don't need to be a software engineer or security professional to understand how to keep your devices and data safe. In every episode, we break down complex digital security and privacy topics into accessible primers and practical takeaways.

You can find Loose Leaf Security on many podcast clients or stream our episodes in your web browser. You can also follow us on Twitter, Instagram, and Facebook.

In addition to podcast episodes, we'll also be covering some security- and privacy-related topics in blog-style articles, where we can go into more detail than we could in an episode. We also send out a weekly newsletter that includes short summaries of interesting security news.

If you're new to Loose Leaf Security, you might want to check out our archives for some suggestions on where to start and a complete list of our episodes, articles, and reference materials.

Our latest episode:

Covering your webcams

Liz and Geoffrey take a look at how attackers compromise webcams and discuss why it's worth physically covering them. Malware and alleged threats of malware are only some of the avenues attackers take to access other people's webcams; vulnerabilities in legitimate software, like the recent Zoom security flaw, can also be exploited. Additionally, sharing ownership of your devices with another party like your school district or workplace may leave you and your webcams exposed. In the news, the FTC fines Facebook, weaknesses in Apple's iMessage and Visual Voicemail, and U2F support added to Firefox for Android.

Covering your webcams episode art

Continue reading for the show notes and complete transcript…

Other recent episodes:

  • Password managers: how they should work and when they didn't: Liz and Geoffrey discuss password manager extensions in depth: everything from how they keep your passwords safe from malicious websites to how they sync your passwords between your devices to how they've made mistakes in the past. If you haven't … (June 27, 2019)
  • Two-factor tidying: With a wide variety of possible two-factor authentication methods, it's difficult to keep track of which ones you're using - and which ones you could be using. Liz and Geoffrey talk about their personal strategies and how to handle difficult cases … (May 16, 2019)
  • Using a password manager effectively: In a deeper exploration of password manager browser extensions and features for sharing as well as a survey of alternatives to password managers, Liz and Geoffrey go back to the topic of Loose Leaf Security's very first episode and discuss how … (March 20, 2019)

See all of our episodes sorted by release date, most recent first.

Our latest article:

Loose Leaf Security Weekly, Issue 3

Good evening from Loose Leaf Security! We're enjoying the last week of iced tea weather here, but remember, while there's always time for a tea break, there's never time for a break from your personal security!

-Liz & Geoffrey

P.S. If someone forwarded this to you, you can sign up yourself at https://looseleafsecurity.com/newsletter.

In the news

The "Simjacker" attack: There's a new attack on cell phones in the news - all types of cell phones this time, unfortunately. The security research firm that found it is calling it "Simjacker", but to be clear, it has no relation to the practice of fraudulently acquiring a SIM card for someone else's account known as "SIM-jacking." The "Simjacker" attack uses SMS to send commands to a particular application running on the SIM card itself (SIM cards themselves are in fact very tiny computers), which can then send commands to the phone. Many carriers have filters or firewalls for these sorts of SMS messages, and in particular, the four major US carriers (AT&T, Sprint, T-Mobile, and Verizon) have confirmed that they are immune to the attack. Unfortunately, other carriers do not, and AdaptiveMobile Security, the research firm that found the attack …

Continue reading…

Other recent articles:

  • Loose Leaf Security Weekly, Issue 2: Hello again! We've been watching Brexit proceedings with a mixture of interest and confusion, but we're sure about one thing - there's never a good time to prorogue your personal security. -Liz & Geoffrey P.S. If someone forwarded this to you, you … (September 10, 2019)
  • Loose Leaf Security Weekly, Issue 1: Welcome to Loose Leaf Security's newsletter! Every week, we'll include short takes on interesting security news and summaries of any new Loose Leaf Security content. We're really glad you're here. In a few of the stories below, we're linking to … (September 3, 2019)
  • Instagram 'Unusual Login Attempt' verification loop failures: In addition to podcast episodes, we'll also be covering some security- and privacy-related topics in blog-style articles, where we can go into more detail than we could in an episode. This is our first article, a deeper dive into a strange problem … (August 9, 2019)

See all of our articles sorted by release date, most recent first.