Schneier on Security

Tip #1 should be to not use IE in general, but unfortunately, this video seems to require it, since firefox isn't working. I'm not one of those complainers, but I think this is interesting for a couple reasons. It implies that Bruce uses IE, and it is funny that a security blog site occasionaly requires you to use probably the least secure browser some times to see all the content.

Here are the tips...
Protecting your online identity:
1. Always type with your non-dominant hand - so it's not typed in your handwriting.
2. Pick the right password - close your eyes and slap the keyboard at random.
3. Get hundreds of credit cards - never use the same one twice.
4. Defrag your hard drive once in a while - overheard a nerd say it somewhere at best buy.
5. For every real search on a search engine do a fake search - make it seem it's not you doing the search.
6. An infected computer is a vulnerable computer - make sure you wash your computer once a month.

Israel Torres

Josh O: It worked OK for me with Safari, after I clicked on the "oh you must be using a popup blocker" link.

Those of us in the Microsoft-free world are left ignorant.

"1. Always type with your non-dominant hand - so it's not typed in your handwriting."

is not as funny as he might have intended. There are biometric identification programs that look at typing patterns.

http://www.biopassword.com/...

@Josh O

:))

can't watch it either on ubuntu linux - Firefox 1.5 it must be a .wmv i think. other codes: i have them all.

@Israel torres who said:

"2. Pick the right password - close your eyes and slap the keyboard at random."

This is not fully true, those are not random chars if done that way. You always make a pattern due to the fact that your mind and nervous system (which controls your hands) are responding in a logarithmic way, try to think random: can you?

If you do this often, you will find a pattern eventually. Use a computer program to select random chars.

@Jungsson
"This is not fully true, ..."

None of Mr. Colbert's tips are fully true. The Colbert Report is humor (sarcasm/irony). None of its content is intended to be fully true.

Oops, hit "Post" too soon.

I''m pretty sure Israel Torres posted a transcript of the Colbert video, for those who couldn't see it directly.

It worked perfectly fine for me without having to do anything funny (other than the pop-up blocker link), and I'm not using any Microsoft products.

Mr. Schneier used to primarily use Opera, surfing primarily on his non-dominant foot while singing the theme from "Walker, Texas Ranger."

@notChuckNorris

Bruce would never take such shortcuts. I've seen him whistle directly into a phone mouthpiece, generating a modulated DSL signal, encoding HTTP as he improvises it on the fly.

I found it, or maybe both, on YouTube:

http://www.youtube.com/watch?v=T-Lf_v4e0Vg

I don't know what part 1 & 2 are because I can't see the original ones linked too...

I saw it fine with Firefox, FWIW...

Is Mr. Colbert on retainer with the DHS? Some of this stuff sounds frighteningly familiar! ;)

Ironically, most of these tips do work, in some weird sense.

1. Always type with your non-dominant hand - so it's not typed in your handwriting.

Yes, there is a small chance that somebody has some app installed, able to get the characters out of the typing habits. But these applications work best only if they are installed at the victims computer. It works with a microphon too, but I would just install a videocamera instead of the mic: works better and doesn't even need that very expensive program in the first place.

2. Pick the right password - close your eyes and slap the keyboard at random.

Not really random, yes, but magnitudes better than "password", I guess.

3. Get hundreds of credit cards - never use the same one twice.

A provable secure method if you can make sure that every credit card is stamped invalid immediatly after first use. That is not possible without the help of the credit card company which proves it impossible mathematically too.

4. Defrag your hard drive once in a while - overheard a nerd say it somewhere at best buy.

The only filesystems where regular defragmentation makes sense are the filesystems offered by Microsoft. Now, if the drivers of these filesystem have a little security hole that opens above a certain point of fragmentation ...

5. For every real search on a search engine do a fake search - make it seem it's not you doing the search.

Has been shown (here! ;-) that it doesn't work as planed. It is also shown, that nothing works as planed, only as coded, therefore the chance that it works is above zero. I'll leave the computing of the exact value of "above" to beaver.

6. An infected computer is a vulnerable computer - make sure you wash your computer once a month.

The average PC is one of the best available dustsamplers. The multiple levels of encrusted residues of human emissions have high thermal isolation values resulting in unstable behaviors of the internal switches and therefore unstable bit patterns. This may result in excessive gashing of security holes which can only be resolved by massaging the main memory with a two-handed double-headed axe--blades preferably engraved with erotic scenes--orthogonal to the hairline.

CZ

In case you want to save youtube (and other) videos to your hard drive, you can use the video downloader extension at http://javimoya.com/blog/youtube_en.php

@Christoph Zurnieden
"3. Get hundreds of credit cards - never use the same one twice.
A provable secure method if you can make sure that every credit card is stamped invalid immediatly after first use. That is not possible without the help of the credit card company which proves it impossible mathematically too."

You can get one-time credit cards for on-line use:
http://www.auctionbytes.com/cab/abu/y205/m02/...
And from CitiBank:
http://www.citibank.com/us/cards/tour/cb/...

My posting was not meant to be taken very seriously, so I didn't do any research, not even at Google.
I must admit that I'm a bit surprised. But let's take a more through look:

> You can get one-time credit cards for on-line use:
> http://www.auctionbytes.com/cab/abu/y205/m02/...

That links to a page, that offers auto-generated CC-numbers internally linked to your original CC-number and a certain and atomic(?) amount of valuta.
The algorithm is unknown.
The safety of your data is unknown.
They write that you need a cookie to use that service (I don't know what's in this cookie, it might be harmless. But history tells that this is unlikely)

> And from CitiBank:
> http://www.citibank.com/us/cards/tour/cb/...

CitiBank and security? Well ...
The information offered at that page is more or less non-existant, but it seems, as if it works the same way as the offer above with the same weaknesses (except the cookie, I don't know if they need one).

There's also a problem in the design: they use the set of CC-numbers. It's a very big set, but is it big enough to assign a new CC-number to _every_ transaction? A re-use will of course kill the advantage of these one-time CC-numbers.
No, sorry: good idea (one-time keys), bad implemenation (use of CC#s).

CZ