Comments

Josh O August 25, 2006 1:21 PM

Tip #1 should be to not use IE in general, but unfortunately, this video seems to require it, since firefox isn’t working. I’m not one of those complainers, but I think this is interesting for a couple reasons. It implies that Bruce uses IE, and it is funny that a security blog site occasionaly requires you to use probably the least secure browser some times to see all the content.

Israel Torres August 25, 2006 1:24 PM

Here are the tips…
Protecting your online identity:
1. Always type with your non-dominant hand – so it’s not typed in your handwriting.
2. Pick the right password – close your eyes and slap the keyboard at random.
3. Get hundreds of credit cards – never use the same one twice.
4. Defrag your hard drive once in a while – overheard a nerd say it somewhere at best buy.
5. For every real search on a search engine do a fake search – make it seem it’s not you doing the search.
6. An infected computer is a vulnerable computer – make sure you wash your computer once a month.

Israel Torres

Ben C August 25, 2006 1:25 PM

Josh O: It worked OK for me with Safari, after I clicked on the “oh you must be using a popup blocker” link.

Jungsonn August 25, 2006 2:30 PM

@Israel torres who said:

“2. Pick the right password – close your eyes and slap the keyboard at random.”

This is not fully true, those are not random chars if done that way. You always make a pattern due to the fact that your mind and nervous system (which controls your hands) are responding in a logarithmic way, try to think random: can you?

If you do this often, you will find a pattern eventually. Use a computer program to select random chars.

WTF August 25, 2006 2:44 PM

@Jungsson
“This is not fully true, …”

None of Mr. Colbert’s tips are fully true. The Colbert Report is humor (sarcasm/irony). None of its content is intended to be fully true.

WTF August 25, 2006 2:46 PM

Oops, hit “Post” too soon.

I”m pretty sure Israel Torres posted a transcript of the Colbert video, for those who couldn’t see it directly.

ray August 25, 2006 2:48 PM

It worked perfectly fine for me without having to do anything funny (other than the pop-up blocker link), and I’m not using any Microsoft products.

notChuckNorris August 25, 2006 3:10 PM

Mr. Schneier used to primarily use Opera, surfing primarily on his non-dominant foot while singing the theme from “Walker, Texas Ranger.”

Chuck (really) August 25, 2006 4:40 PM

@notChuckNorris

Bruce would never take such shortcuts. I’ve seen him whistle directly into a phone mouthpiece, generating a modulated DSL signal, encoding HTTP as he improvises it on the fly.

dan_linder August 25, 2006 4:46 PM

Here is the URL to the first video:
mms://a1607.v9950d.c9950.g.vm.akamaistream.net/7/1607/9950/v001/comedystor.download.akamai.com/9951/_!/com/colbert/2103_advice_a.wmv?auth=caEdYcBa7bFbZapd5b.akcRb5bqd_dod5dj-be724B-dHa-vELwwD&aifp=mtvn_02

The second video:
mms://a86.v9950d.c9950.g.vm.akamaistream.net/7/86/9950/v001/comedystor.download.akamai.com/9951/_!/com/colbert/2103_advice_b.wmv?auth=caEdka8cqbNduc.aFcIb7d6aAbJdjcMbGa7-be728p-dHa-vCEytD&aifp=mtvn_02

I was able to view these using MPlayer/Totem under Kubuntu (Movie -> Open Location…).

Dragonhunter August 25, 2006 9:29 PM

I saw it fine with Firefox, FWIW…

Is Mr. Colbert on retainer with the DHS? Some of this stuff sounds frighteningly familiar! 😉

Christoph Zurnieden August 25, 2006 9:45 PM

Ironically, most of these tips do work, in some weird sense.

  1. Always type with your non-dominant hand – so it’s not typed in your handwriting.

Yes, there is a small chance that somebody has some app installed, able to get the characters out of the typing habits. But these applications work best only if they are installed at the victims computer. It works with a microphon too, but I would just install a videocamera instead of the mic: works better and doesn’t even need that very expensive program in the first place.

  1. Pick the right password – close your eyes and slap the keyboard at random.

Not really random, yes, but magnitudes better than “password”, I guess.

  1. Get hundreds of credit cards – never use the same one twice.

A provable secure method if you can make sure that every credit card is stamped invalid immediatly after first use. That is not possible without the help of the credit card company which proves it impossible mathematically too.

  1. Defrag your hard drive once in a while – overheard a nerd say it somewhere at best buy.

The only filesystems where regular defragmentation makes sense are the filesystems offered by Microsoft. Now, if the drivers of these filesystem have a little security hole that opens above a certain point of fragmentation …

  1. For every real search on a search engine do a fake search – make it seem it’s not you doing the search.

Has been shown (here! 😉 that it doesn’t work as planed. It is also shown, that nothing works as planed, only as coded, therefore the chance that it works is above zero. I’ll leave the computing of the exact value of “above” to beaver.

  1. An infected computer is a vulnerable computer – make sure you wash your computer once a month.

The average PC is one of the best available dustsamplers. The multiple levels of encrusted residues of human emissions have high thermal isolation values resulting in unstable behaviors of the internal switches and therefore unstable bit patterns. This may result in excessive gashing of security holes which can only be resolved by massaging the main memory with a two-handed double-headed axe–blades preferably engraved with erotic scenes–orthogonal to the hairline.

CZ

Kees August 27, 2006 5:00 PM

@Christoph Zurnieden
“3. Get hundreds of credit cards – never use the same one twice.
A provable secure method if you can make sure that every credit card is stamped invalid immediatly after first use. That is not possible without the help of the credit card company which proves it impossible mathematically too.”

You can get one-time credit cards for on-line use:
http://www.auctionbytes.com/cab/abu/y205/m02/abu0137/s02
And from CitiBank:
http://www.citibank.com/us/cards/tour/cb/shp_van.htm

Christoph Zurnieden August 28, 2006 11:08 AM

My posting was not meant to be taken very seriously, so I didn’t do any research, not even at Google.
I must admit that I’m a bit surprised. But let’s take a more through look:

You can get one-time credit cards for on-line use:
http://www.auctionbytes.com/cab/abu/y205/m02/abu0137/s02

That links to a page, that offers auto-generated CC-numbers internally linked to your original CC-number and a certain and atomic(?) amount of valuta.
The algorithm is unknown.
The safety of your data is unknown.
They write that you need a cookie to use that service (I don’t know what’s in this cookie, it might be harmless. But history tells that this is unlikely)

And from CitiBank:
http://www.citibank.com/us/cards/tour/cb/shp_van.htm

CitiBank and security? Well …
The information offered at that page is more or less non-existant, but it seems, as if it works the same way as the offer above with the same weaknesses (except the cookie, I don’t know if they need one).

There’s also a problem in the design: they use the set of CC-numbers. It’s a very big set, but is it big enough to assign a new CC-number to every transaction? A re-use will of course kill the advantage of these one-time CC-numbers.
No, sorry: good idea (one-time keys), bad implemenation (use of CC#s).

CZ

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.