/ / News, Podcast

Here’s a podcast of my recent Nature comment, co-written with Ben Laurie, Secure the Internet:

In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software’s crypto­graphic certificates, which securely verify the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought they were applying a legitimate patch unwittingly turned their computers into spies. An unknown master had access to all of their data. The keys used to sign the certificates had been stolen from a ‘certificate authority’ (CA), a trusted body (in this case, the Malaysian Agricultural Research and Development Institute) whose encrypted signature on a website or piece of software tells a browser program that the destination is bona fide. Until the breach was found and the certificate revoked, the keys could be used to impersonate virtually any site on the Internet.

Mastering by John Taylor Williams: wryneckstudio@gmail.com

John Taylor Williams is a audiovisual and multimedia producer based in Washington, DC and the co-host of the Living Proof Brew Cast. Hear him wax poetic over a pint or two of beer by visiting livingproofbrewcast.com. In his free time he makes “Beer Jewelry” and “Odd Musical Furniture.” He often “meditates while reading cookbooks.”

MP3 link

/ / News, Pirate Cinema

Here’s the video from my Pirate Cinema tour stop at Deerfield, IL — I talk war on general purpose computers, copyfighting, and do some Q&A.

Cory Doctorow’s “Pirate Cinema” 2012 Book Tour stop at Deerfield, IL

(Thanks, Psywiped!)

/ / News


OpenSSL maintainer and Google cryptographer Ben Laurie and I collaborated on an article for Nature magazine on technical systems for finding untrustworthy Certificate Authorities. We focused on Certificate Transparency, the solution that will shortly be integrated into Chrome, and also discuss Sovereign Keys, a related proposal from the Electronic Frontier Foundation. Both make clever use of cryptographic hashes, arranged in Merkle trees, to produce “untrusted, provable logs.”

In 2011, a fake Adobe Flash updater was discovered on the Internet. To any user it looked authentic. The software’s crypto­graphic certificates, which securely verify
the authenticity and integrity of Internet connections, bore an authorized signature. Internet users who thought they were applying a legitimate patch unwittingly turned their computers into spies. An unknown master had access to all of their data. The keys used to sign the certificates had been stolen from a ‘certificate authority’ (CA), a trusted body (in this case, the Malaysian Agricultural Research and Development Institute) whose encrypted signature on a website or piece of software tells a browser program that the destination is bona fide. Until the breach was found and the certificate revoked, the keys could be used to impersonate virtually any site on the Internet.

Secure the Internet (PDF)

/ / Pirate Cinema

I did an interview with The Geek’s Guide to the Galaxy, which they’ve published in both text and MP3 form. We talked about Pirate Cinema, Rapture of the Nerds, the Humble Ebook Bundle, the future of publishing, the Disney/Star Wars merger, and lots more:


Wired: Do you ever get letters from kids who have been inspired by your books to become hacker anarchists?

Doctorow: Yeah, all the time — at least to become hackers, and political activists. My first young-adult novel Little Brother had an afterword with a bibliography for kids who want to get involved in learning how security works, learning how computers work, learning how to program them, learning how to take them apart, learning how to solve their problems with technology as well as with politics. And the number of kids who have written to me and said that they became programmers after reading that, I couldn’t even count them. I’ve had similar responses to my second young-adult novel, For the Win, and I’ve also heard from kids who’ve read Pirate Cinema. In fact, we published an editorial by one of them on Boing Boing — an anonymous reader who makes her own movies out of Japanese anime, and who talked about what drives her and how the book resonated with her.


With Pirate Cinema, Cory Doctorow Grows His Young Hacker Army

/ / News, Podcast

Here’s a recording of a debate I participated in on Monday at Denmark’s Fagfestival (yes, really — Danish has weird English cognates) 2012, the largest gathering of journalists in the country. I debated Peter Schønning, a prominent Danish copyright lawyer, in an event hosted by Henrik Føhns.

MP3 link