Schneier on Security

A blog covering security and security technology.

« USBDumper | Main | Dropped iPod Leads to Terror Alert »

August 25, 2006

Stephen Colbert Computer Security Tips

Stephen Colbert on protecting your computer: Part 1 and Part 2.

Posted on August 25, 2006 at 12:06 PM • 20 Comments

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

Josh O • August 25, 2006 1:21 PM

Tip #1 should be to not use IE in general, but unfortunately, this video seems to require it, since firefox isn't working. I'm not one of those complainers, but I think this is interesting for a couple reasons. It implies that Bruce uses IE, and it is funny that a security blog site occasionaly requires you to use probably the least secure browser some times to see all the content.

Israel Torres • August 25, 2006 1:24 PM

Here are the tips...
Protecting your online identity:
1. Always type with your non-dominant hand - so it's not typed in your handwriting.
2. Pick the right password - close your eyes and slap the keyboard at random.
3. Get hundreds of credit cards - never use the same one twice.
4. Defrag your hard drive once in a while - overheard a nerd say it somewhere at best buy.
5. For every real search on a search engine do a fake search - make it seem it's not you doing the search.
6. An infected computer is a vulnerable computer - make sure you wash your computer once a month.

Israel Torres

Ben C • August 25, 2006 1:25 PM

Josh O: It worked OK for me with Safari, after I clicked on the "oh you must be using a popup blocker" link.

Bryan Geraghty • August 25, 2006 1:37 PM

If you have Quicktime Alternative (http://www.google.com/search?q=quicktime+alternative&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official) installed, it uses Windows Media Player Classic. It will give you the option of registering it in firefox which will allow you to view those pesky I.E.-only video feeds. Enjoy!

roy • August 25, 2006 1:47 PM

Those of us in the Microsoft-free world are left ignorant.

Kevin Davidson • August 25, 2006 2:12 PM

"1. Always type with your non-dominant hand - so it's not typed in your handwriting."

is not as funny as he might have intended. There are biometric identification programs that look at typing patterns.

http://www.biopassword.com/...

Jungsonn • August 25, 2006 2:25 PM

@Josh O

:))

can't watch it either on ubuntu linux - Firefox 1.5 it must be a .wmv i think. other codes: i have them all.

Jungsonn • August 25, 2006 2:30 PM

@Israel torres who said:

"2. Pick the right password - close your eyes and slap the keyboard at random."

This is not fully true, those are not random chars if done that way. You always make a pattern due to the fact that your mind and nervous system (which controls your hands) are responding in a logarithmic way, try to think random: can you?

If you do this often, you will find a pattern eventually. Use a computer program to select random chars.

WTF • August 25, 2006 2:44 PM

@Jungsson
"This is not fully true, ..."

None of Mr. Colbert's tips are fully true. The Colbert Report is humor (sarcasm/irony). None of its content is intended to be fully true.

WTF • August 25, 2006 2:46 PM

Oops, hit "Post" too soon.

I''m pretty sure Israel Torres posted a transcript of the Colbert video, for those who couldn't see it directly.

ray • August 25, 2006 2:48 PM

It worked perfectly fine for me without having to do anything funny (other than the pop-up blocker link), and I'm not using any Microsoft products.

notChuckNorris • August 25, 2006 3:10 PM

Mr. Schneier used to primarily use Opera, surfing primarily on his non-dominant foot while singing the theme from "Walker, Texas Ranger."

Chuck (really) • August 25, 2006 4:40 PM

@notChuckNorris

Bruce would never take such shortcuts. I've seen him whistle directly into a phone mouthpiece, generating a modulated DSL signal, encoding HTTP as he improvises it on the fly.

dan_linder • August 25, 2006 4:46 PM

Here is the URL to the first video:
mms://a1607.v9950d.c9950.g.vm.akamaistream.net/7/1607/9950/v001/comedystor.download.akamai.com/9951/_!/com/colbert/2103_advice_a.wmv?auth=caEdYcBa7bFbZapd5b.akcRb5bqd_dod5dj-be724B-dHa-vELwwD&aifp=mtvn_02

The second video:
mms://a86.v9950d.c9950.g.vm.akamaistream.net/7/86/9950/v001/comedystor.download.akamai.com/9951/_!/com/colbert/2103_advice_b.wmv?auth=caEdka8cqbNduc.aFcIb7d6aAbJdjcMbGa7-be728p-dHa-vCEytD&aifp=mtvn_02

I was able to view these using MPlayer/Totem under Kubuntu (Movie -> Open Location...).

Greg • August 25, 2006 5:34 PM

I found it, or maybe both, on YouTube:

http://www.youtube.com/watch?v=T-Lf_v4e0Vg

I don't know what part 1 & 2 are because I can't see the original ones linked too...

Dragonhunter • August 25, 2006 9:29 PM

I saw it fine with Firefox, FWIW...

Is Mr. Colbert on retainer with the DHS? Some of this stuff sounds frighteningly familiar! ;)

Christoph Zurnieden • August 25, 2006 9:45 PM

Ironically, most of these tips do work, in some weird sense.

1. Always type with your non-dominant hand - so it's not typed in your handwriting.

Yes, there is a small chance that somebody has some app installed, able to get the characters out of the typing habits. But these applications work best only if they are installed at the victims computer. It works with a microphon too, but I would just install a videocamera instead of the mic: works better and doesn't even need that very expensive program in the first place.

2. Pick the right password - close your eyes and slap the keyboard at random.

Not really random, yes, but magnitudes better than "password", I guess.

3. Get hundreds of credit cards - never use the same one twice.

A provable secure method if you can make sure that every credit card is stamped invalid immediatly after first use. That is not possible without the help of the credit card company which proves it impossible mathematically too.

4. Defrag your hard drive once in a while - overheard a nerd say it somewhere at best buy.

The only filesystems where regular defragmentation makes sense are the filesystems offered by Microsoft. Now, if the drivers of these filesystem have a little security hole that opens above a certain point of fragmentation ...

5. For every real search on a search engine do a fake search - make it seem it's not you doing the search.

Has been shown (here! ;-) that it doesn't work as planed. It is also shown, that nothing works as planed, only as coded, therefore the chance that it works is above zero. I'll leave the computing of the exact value of "above" to beaver.

6. An infected computer is a vulnerable computer - make sure you wash your computer once a month.

The average PC is one of the best available dustsamplers. The multiple levels of encrusted residues of human emissions have high thermal isolation values resulting in unstable behaviors of the internal switches and therefore unstable bit patterns. This may result in excessive gashing of security holes which can only be resolved by massaging the main memory with a two-handed double-headed axe--blades preferably engraved with erotic scenes--orthogonal to the hairline.

Jojo • August 26, 2006 3:31 AM

In case you want to save youtube (and other) videos to your hard drive, you can use the video downloader extension at http://javimoya.com/blog/youtube_en.php

Kees • August 27, 2006 5:00 PM

@Christoph Zurnieden
"3. Get hundreds of credit cards - never use the same one twice.
A provable secure method if you can make sure that every credit card is stamped invalid immediatly after first use. That is not possible without the help of the credit card company which proves it impossible mathematically too."

You can get one-time credit cards for on-line use:
http://www.auctionbytes.com/cab/abu/y205/m02/...
And from CitiBank:
http://www.citibank.com/us/cards/tour/cb/...

Christoph Zurnieden • August 28, 2006 11:08 AM

My posting was not meant to be taken very seriously, so I didn't do any research, not even at Google.
I must admit that I'm a bit surprised. But let's take a more through look:

> You can get one-time credit cards for on-line use:
> http://www.auctionbytes.com/cab/abu/y205/m02/...

That links to a page, that offers auto-generated CC-numbers internally linked to your original CC-number and a certain and atomic(?) amount of valuta.
The algorithm is unknown.
The safety of your data is unknown.
They write that you need a cookie to use that service (I don't know what's in this cookie, it might be harmless. But history tells that this is unlikely)

> And from CitiBank:
> http://www.citibank.com/us/cards/tour/cb/...

CitiBank and security? Well ...
The information offered at that page is more or less non-existant, but it seems, as if it works the same way as the offer above with the same weaknesses (except the cookie, I don't know if they need one).

There's also a problem in the design: they use the set of CC-numbers. It's a very big set, but is it big enough to assign a new CC-number to _every_ transaction? A re-use will of course kill the advantage of these one-time CC-numbers.
No, sorry: good idea (one-time keys), bad implemenation (use of CC#s).

Post a comment

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

Subscribe via Kindle

Blog Menu

Search

Powered by DuckDuckGo

Blog Home Page
100 Latest Comments

Archives by Date

2013 J F M A M J
2012 J F M A M J J A S O N D
2011 J F M A M J J A S O N D
2010 J F M A M J J A S O N D
2009 J F M A M J J A S O N D
2008 J F M A M J J A S O N D
2007 J F M A M J J A S O N D
2006 J F M A M J J A S O N D
2005 J F M A M J J A S O N D
2004 J F M A M J J A S O N D