Bruce Schneier

 
 

Schneier on Security

A blog covering security and security technology.


August 25, 2006

Stephen Colbert Computer Security Tips

Stephen Colbert on protecting your computer: Part 1 and Part 2.

Posted on August 25, 2006 at 12:06 PM | 20 Comments

Comments

Tip #1 should be to not use IE in general, but unfortunately, this video seems to require it, since Firefox isn't working. I'm not one of those complainers, but I think this is interesting for a couple reasons. It implies that Bruce uses IE, and it is funny that a security blog site occasionally requires you to use probably the least secure browser sometimes to see all the content.

Posted by: Josh O at August 25, 2006 1:21 PM


Here are the tips...
Protecting your online identity:
1. Always type with your non-dominant hand - so it's not typed in your handwriting.
2. Pick the right password - close your eyes and slap the keyboard at random.
3. Get hundreds of credit cards - never use the same one twice.
4. Defrag your hard drive once in a while - overheard a nerd say it somewhere at Best Buy.
5. For every real search on a search engine do a fake search - make it seem it's not you doing the search.
6. An infected computer is a vulnerable computer - make sure you wash your computer once a month.

Israel Torres

Posted by: Israel Torres at August 25, 2006 1:24 PM


Josh O: It worked OK for me with Safari, after I clicked on the "oh you must be using a popup blocker" link.

Posted by: Ben C at August 25, 2006 1:25 PM


If you have Quicktime Alternative (http://www.google.com/search?q=quicktime+alternative&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official) installed, it uses Windows Media Player Classic. It will give you the option of registering it in Firefox, which will allow you to view those pesky I.E.-only video feeds. Enjoy!

Posted by: Bryan Geraghty at August 25, 2006 1:37 PM


Those of us in the Microsoft-free world are left ignorant.

Posted by: roy at August 25, 2006 1:47 PM


"1. Always type with your non-dominant hand - so it's not typed in your handwriting."

is not as funny as he might have intended. There are biometric identification programs that look at typing patterns.

http://www.biopassword.com/...

Posted by: Kevin Davidson at August 25, 2006 2:12 PM


@Josh O

:))

Can't watch it either on Ubuntu Linux - Firefox 1.5. It must be a .wmv, I think. Other codecs: I have them all.

Posted by: Jungsonn at August 25, 2006 2:25 PM


@Israel Torres, who said:

"2. Pick the right password - close your eyes and slap the keyboard at random."

This is not fully true, those are not random chars if done that way. You always make a pattern due to the fact that your mind and nervous system (which controls your hands) are responding in a logarithmic way, try to think random: can you?

If you do this often, you will find a pattern eventually. Use a computer program to select random chars.

Posted by: Jungsonn at August 25, 2006 2:30 PM


@Jungsonn
"This is not fully true, ..."

None of Mr. Colbert's tips are fully true. The Colbert Report is humor (sarcasm/irony). None of its content is intended to be fully true.

Posted by: WTF at August 25, 2006 2:44 PM


Oops, hit "Post" too soon.

I'm pretty sure Israel Torres posted a transcript of the Colbert video, for those who couldn't see it directly.

Posted by: WTF at August 25, 2006 2:46 PM


It worked perfectly fine for me without having to do anything funny (other than the pop-up blocker link), and I'm not using any Microsoft products.

Posted by: ray at August 25, 2006 2:48 PM


Mr. Schneier used to primarily use Opera, surfing primarily on his non-dominant foot while singing the theme from "Walker, Texas Ranger."

Posted by: notChuckNorris at August 25, 2006 3:10 PM


@notChuckNorris

Bruce would never take such shortcuts. I've seen him whistle directly into a phone mouthpiece, generating a modulated DSL signal, encoding HTTP as he improvises it on the fly.

Posted by: Chuck (really) at August 25, 2006 4:40 PM


Here is the URL to the first video:
mms://a1607.v9950d.c9950.g.vm.akamaistream.net/7/1607/9950/v001/comedystor.download.akamai.com/9951/_!/com/colbert/2103_advice_a.wmv?auth=caEdYcBa7bFbZapd5b.akcRb5bqd_dod5dj-be724B-dHa-vELwwD&aifp=mtvn_02

The second video:
mms://a86.v9950d.c9950.g.vm.akamaistream.net/7/86/9950/v001/comedystor.download.akamai.com/9951/_!/com/colbert/2103_advice_b.wmv?auth=caEdka8cqbNduc.aFcIb7d6aAbJdjcMbGa7-be728p-dHa-vCEytD&aifp=mtvn_02

I was able to view these using MPlayer/Totem under Kubuntu (Movie -> Open Location...).

Posted by: dan_linder at August 25, 2006 4:46 PM


I found it, or maybe both, on YouTube:

http://www.youtube.com/watch?v=T-Lf_v4e0Vg

I don't know what part 1 & 2 are because I can't see the original ones linked to...

Posted by: Greg at August 25, 2006 5:34 PM


I saw it fine with Firefox, FWIW...

Is Mr. Colbert on retainer with the DHS? Some of this stuff sounds frighteningly familiar! ;)

Posted by: Dragonhunter at August 25, 2006 9:29 PM


Ironically, most of these tips do work, in some weird sense.

1. Always type with your non-dominant hand - so it's not typed in your handwriting.

Yes, there is a small chance that somebody has some app installed, able to get the characters out of the typing habits. But these applications work best only if they are installed at the victim's computer. It works with a microphone too, but I would just install a video camera instead of the mic: works better and doesn't even need that very expensive program in the first place.

2. Pick the right password - close your eyes and slap the keyboard at random.

Not really random, yes, but magnitudes better than "password", I guess.

3. Get hundreds of credit cards - never use the same one twice.

A provably secure method if you can make sure that every credit card is stamped invalid immediately after first use. That is not possible without the help of the credit card company, which proves it impossible mathematically too.

4. Defrag your hard drive once in a while - overheard a nerd say it somewhere at Best Buy.

The only filesystems where regular defragmentation makes sense are the filesystems offered by Microsoft. Now, if the drivers of these filesystems have a little security hole that opens above a certain point of fragmentation ...

5. For every real search on a search engine do a fake search - make it seem it's not you doing the search.

Has been shown (here! ;-) that it doesn't work as planned. It is also shown that nothing works as planned, only as coded, therefore the chance that it works is above zero. I'll leave the computing of the exact value of "above" to beaver.

6. An infected computer is a vulnerable computer - make sure you wash your computer once a month.

The average PC is one of the best available dustsamplers. The multiple levels of encrusted residues of human emissions have high thermal isolation values resulting in unstable behaviors of the internal switches and therefore unstable bit patterns. This may result in excessive gashing of security holes which can only be resolved by massaging the main memory with a two-handed double-headed axe--blades preferably engraved with erotic scenes--orthogonal to the hairline.

CZ

Posted by: Christoph Zurnieden at August 25, 2006 9:45 PM


In case you want to save youtube (and other) videos to your hard drive, you can use the video downloader extension at http://javimoya.com/blog/youtube_en.php

Posted by: Jojo at August 26, 2006 3:31 AM


@Christoph Zurnieden
"3. Get hundreds of credit cards - never use the same one twice.
A provably secure method if you can make sure that every credit card is stamped invalid immediately after first use. That is not possible without the help of the credit card company, which proves it impossible mathematically too."

You can get one-time credit cards for on-line use:
http://www.auctionbytes.com/cab/abu/y205/m02/...
And from CitiBank:
http://www.citibank.com/us/cards/tour/cb/...

Posted by: Kees at August 27, 2006 5:00 PM


My posting was not meant to be taken very seriously, so I didn't do any research, not even at Google.
I must admit that I'm a bit surprised. But let's take a more thorough look:

> You can get one-time credit cards for on-line use:
> http://www.auctionbytes.com/cab/abu/y205/m02/...

That links to a page, that offers auto-generated CC-numbers internally linked to your original CC-number and a certain and atomic(?) amount of valuta.
The algorithm is unknown.
The safety of your data is unknown.
They write that you need a cookie to use that service (I don't know what's in this cookie, it might be harmless. But history tells that this is unlikely)

> And from CitiBank:
> http://www.citibank.com/us/cards/tour/cb/...

CitiBank and security? Well ...
The information offered at that page is more or less non-existent, but it seems as if it works the same way as the offer above with the same weaknesses (except the cookie, I don't know if they need one).

There's also a problem in the design: they use the set of CC-numbers. It's a very big set, but is it big enough to assign a new CC-number to _every_ transaction? A re-use will of course kill the advantage of these one-time CC-numbers.
No, sorry: good idea (one-time keys), bad implementation (use of CC#s).

CZ

Posted by: Christoph Zurnieden at August 28, 2006 11:08 AM



Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
