Slashdot Mirror

← Back to Stories (view on slashdot.org)

The 2006 Underhanded C Contest Begins

Posted by ryuzaki0 on from the segmentation-fault-core-dumped dept.

Xcott Craver writes "The second annual Underhanded C Code Contest is live as of April 4th, and runs until July 4th. The object is to write malicious C code that looks perfectly readable and innocent under informal inspection of the source."

8 of 232 comments (clear)

  1. I Win by ExE122 · · Score: 5, Funny

    In this contest you must write code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should do something subtly evil.

    system("c:\Program Files\Internet Explorer\iexplore.exe");

    Where's my prize?

    --
    "Man Bites Dog
    Then Bites Self"
    --
    Capitalism: When it uses the carrot, it's called democracy. When it uses the stick, it's called fascism.
  2. Re:Can someone explain this to me? by chrismcdirty · · Score: 5, Insightful

    1. It teaches you not to take all code at face value, and actually read into it.
    2. It's fun.

    --
    It's like sex, except I'm having it!
  3. Re:Can someone explain this to me? by Xcott+Craver · · Score: 5, Insightful
    Well, ask yourself how the Obfuscated C Code contest "helps the community." To some extent, it's just a contest, and not meant to bring about world peace.

    On the other hand, I think it does teach us a thing or two about what to look for when reviewing code. I know I've learned a lot about sneaky coding practices since it started. I learned C in the 1980s and thought I was pretty knowledgeable by now, but I actually didn't know about ASCII trigraphs until last year. X

  4. I know... by scolby · · Score: 5, Funny

    ...I'll design a media player that appears to be playing a CD when it's actually installing a root kit that creates an easy way back door for malware.

    And then I'll get sued by Sony for copyright infringement.

  5. Re:Can someone explain this to me? by tmjr3353 · · Score: 5, Insightful

    I understand about making source code available helps in a secure system, but what if that code has evil code...made to look innocent upon inspection....written into it?

    I think you've highlighted the point right there. By getting the community to find ways to write code of this fashion, you're simultaneously getting them to learn to read code better (or at least that would be my hope). If I know how to write code in a fashion that looks innocent but brings with it not-so-innocent consequences, then hopefully I know how to tell when someone else is doing the same thing.

  6. Re:Can someone explain this to me? by l2718 · · Score: 5, Insightful

    This problem arises whenever you need to use software for an application that must be secure. One famous case of tampering was by the CIA; control software for a Soviet oil pipeline purchased in the West was modified to fail upon a remote command causing a massive explosion.

    One hypothetical scenario: Diebold decide to act on their CEO's promise to deliver the election to the Republican party by making a small modification to their voting machines. If they can use the techniques this contest is looking for they would write the code so that it would escape even scrutiny by an outside agency (say, the government).

    In general, the idea of the contest is to showcase ways of breaking security and therefore perhaps ways to overcome them.

  7. Re:Can someone explain this to me? by adyus · · Score: 5, Funny

    Um, I think your signature should be number three:
    1. It teaches you not to take all code at face value, and actually read into it.
    2. It's fun.
    3. It's like sex, except I'm having it!

    :)
  8. Re:Can someone explain this to me? by Guignol · · Score: 5, Funny

    Yes, for instance we could say it is malicious if it wouldn't halt