Stephen Colbert Computer Security Tips

Stephen Colbert on protecting your computer: Part 1 and Part 2.

Posted on August 25, 2006 at 12:06 PM • 20 Comments

Comments

Josh OAugust 25, 2006 1:21 PM

Tip #1 should be to not use IE in general, but unfortunately, this video seems to require it, since firefox isn't working. I'm not one of those complainers, but I think this is interesting for a couple reasons. It implies that Bruce uses IE, and it is funny that a security blog site occasionaly requires you to use probably the least secure browser some times to see all the content.

Israel TorresAugust 25, 2006 1:24 PM

Here are the tips...
Protecting your online identity:
1. Always type with your non-dominant hand - so it's not typed in your handwriting.
2. Pick the right password - close your eyes and slap the keyboard at random.
3. Get hundreds of credit cards - never use the same one twice.
4. Defrag your hard drive once in a while - overheard a nerd say it somewhere at best buy.
5. For every real search on a search engine do a fake search - make it seem it's not you doing the search.
6. An infected computer is a vulnerable computer - make sure you wash your computer once a month.

Israel Torres

Ben CAugust 25, 2006 1:25 PM

Josh O: It worked OK for me with Safari, after I clicked on the "oh you must be using a popup blocker" link.

Bryan GeraghtyAugust 25, 2006 1:37 PM

If you have Quicktime Alternative (http://www.google.com/search?q=quicktime+alternative&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official) installed, it uses Windows Media Player Classic. It will give you the option of registering it in firefox which will allow you to view those pesky I.E.-only video feeds. Enjoy!

JungsonnAugust 25, 2006 2:25 PM

@Josh O

:))

can't watch it either on ubuntu linux - Firefox 1.5 it must be a .wmv i think. other codes: i have them all.

JungsonnAugust 25, 2006 2:30 PM

@Israel torres who said:

"2. Pick the right password - close your eyes and slap the keyboard at random."

This is not fully true, those are not random chars if done that way. You always make a pattern due to the fact that your mind and nervous system (which controls your hands) are responding in a logarithmic way, try to think random: can you?

If you do this often, you will find a pattern eventually. Use a computer program to select random chars.

WTFAugust 25, 2006 2:44 PM

@Jungsson
"This is not fully true, ..."

None of Mr. Colbert's tips are fully true. The Colbert Report is humor (sarcasm/irony). None of its content is intended to be fully true.

WTFAugust 25, 2006 2:46 PM

Oops, hit "Post" too soon.

I''m pretty sure Israel Torres posted a transcript of the Colbert video, for those who couldn't see it directly.

rayAugust 25, 2006 2:48 PM

It worked perfectly fine for me without having to do anything funny (other than the pop-up blocker link), and I'm not using any Microsoft products.

notChuckNorrisAugust 25, 2006 3:10 PM

Mr. Schneier used to primarily use Opera, surfing primarily on his non-dominant foot while singing the theme from "Walker, Texas Ranger."

Chuck (really)August 25, 2006 4:40 PM

@notChuckNorris

Bruce would never take such shortcuts. I've seen him whistle directly into a phone mouthpiece, generating a modulated DSL signal, encoding HTTP as he improvises it on the fly.

dan_linderAugust 25, 2006 4:46 PM

Here is the URL to the first video:
mms://a1607.v9950d.c9950.g.vm.akamaistream.net/7/1607/9950/v001/comedystor.download.akamai.com/9951/_!/com/colbert/2103_advice_a.wmv?auth=caEdYcBa7bFbZapd5b.akcRb5bqd_dod5dj-be724B-dHa-vELwwD&aifp=mtvn_02

The second video:
mms://a86.v9950d.c9950.g.vm.akamaistream.net/7/86/9950/v001/comedystor.download.akamai.com/9951/_!/com/colbert/2103_advice_b.wmv?auth=caEdka8cqbNduc.aFcIb7d6aAbJdjcMbGa7-be728p-dHa-vCEytD&aifp=mtvn_02

I was able to view these using MPlayer/Totem under Kubuntu (Movie -> Open Location...).

DragonhunterAugust 25, 2006 9:29 PM

I saw it fine with Firefox, FWIW...

Is Mr. Colbert on retainer with the DHS? Some of this stuff sounds frighteningly familiar! ;)

Christoph ZurniedenAugust 25, 2006 9:45 PM

Ironically, most of these tips do work, in some weird sense.

1. Always type with your non-dominant hand - so it's not typed in your handwriting.

Yes, there is a small chance that somebody has some app installed, able to get the characters out of the typing habits. But these applications work best only if they are installed at the victims computer. It works with a microphon too, but I would just install a videocamera instead of the mic: works better and doesn't even need that very expensive program in the first place.

2. Pick the right password - close your eyes and slap the keyboard at random.

Not really random, yes, but magnitudes better than "password", I guess.

3. Get hundreds of credit cards - never use the same one twice.

A provable secure method if you can make sure that every credit card is stamped invalid immediatly after first use. That is not possible without the help of the credit card company which proves it impossible mathematically too.

4. Defrag your hard drive once in a while - overheard a nerd say it somewhere at best buy.

The only filesystems where regular defragmentation makes sense are the filesystems offered by Microsoft. Now, if the drivers of these filesystem have a little security hole that opens above a certain point of fragmentation ...

5. For every real search on a search engine do a fake search - make it seem it's not you doing the search.

Has been shown (here! ;-) that it doesn't work as planed. It is also shown, that nothing works as planed, only as coded, therefore the chance that it works is above zero. I'll leave the computing of the exact value of "above" to beaver.

6. An infected computer is a vulnerable computer - make sure you wash your computer once a month.

The average PC is one of the best available dustsamplers. The multiple levels of encrusted residues of human emissions have high thermal isolation values resulting in unstable behaviors of the internal switches and therefore unstable bit patterns. This may result in excessive gashing of security holes which can only be resolved by massaging the main memory with a two-handed double-headed axe--blades preferably engraved with erotic scenes--orthogonal to the hairline.

CZ

KeesAugust 27, 2006 5:00 PM

@Christoph Zurnieden
"3. Get hundreds of credit cards - never use the same one twice.
A provable secure method if you can make sure that every credit card is stamped invalid immediatly after first use. That is not possible without the help of the credit card company which proves it impossible mathematically too."

You can get one-time credit cards for on-line use:
http://www.auctionbytes.com/cab/abu/y205/m02/...
And from CitiBank:
http://www.citibank.com/us/cards/tour/cb/...

Christoph ZurniedenAugust 28, 2006 11:08 AM

My posting was not meant to be taken very seriously, so I didn't do any research, not even at Google.
I must admit that I'm a bit surprised. But let's take a more through look:

> You can get one-time credit cards for on-line use:
> http://www.auctionbytes.com/cab/abu/y205/m02/...

That links to a page, that offers auto-generated CC-numbers internally linked to your original CC-number and a certain and atomic(?) amount of valuta.
The algorithm is unknown.
The safety of your data is unknown.
They write that you need a cookie to use that service (I don't know what's in this cookie, it might be harmless. But history tells that this is unlikely)

> And from CitiBank:
> http://www.citibank.com/us/cards/tour/cb/...

CitiBank and security? Well ...
The information offered at that page is more or less non-existant, but it seems, as if it works the same way as the offer above with the same weaknesses (except the cookie, I don't know if they need one).

There's also a problem in the design: they use the set of CC-numbers. It's a very big set, but is it big enough to assign a new CC-number to _every_ transaction? A re-use will of course kill the advantage of these one-time CC-numbers.
No, sorry: good idea (one-time keys), bad implemenation (use of CC#s).

CZ

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..