Slashdot Mirror

← Back to Stories (view on slashdot.org)

2008 Underhanded C Contest Officially Open

Posted by Soulskill on from the sneaky-sneaky dept.

Xcott Craver writes "The 2008 Underhanded C Contest has just opened. Every year, contestants are asked to write a simple, innocent, readable C program that appears to perform an innocent task — but implements some non-obvious evil behavior. This year's challenge: redact blocks from an image, but do it so that the excised pixels can somehow be retrieved. We also have listed the winners of last year's contest, which was to write a simple encryption utility that mysteriously and undetectably fails between 1 percent and 0.1 percent of the time. The winning entry is truly impressive." We discussed the first of these contests in 2005.

22 of 160 comments (clear)

  1. I submit by Anonymous Coward · · Score: 5, Funny

    The Microsoft Windows Operating System, pick your version.

    1. Re:I submit by Rhapsody+Scarlet · · Score: 5, Funny

      Um, hello? Simple? Readable? Seemingly innocent? Does any current version of Windows manage to fulfil even one of these criteria?

    2. Re:I submit by dotancohen · · Score: 4, Funny

      Um, hello? Simple? Readable? Seemingly innocent? Does any current version of Windows manage to fulfil even one of these criteria?

      Post the Windows source code and we'll tell ya.
      --
      It is dangerous to be right when the government is wrong.
    3. Re:I submit by Anonymous Coward · · Score: 4, Funny

      Post the Windows source code and we'll tell ya.
      A rare moment when a goatse.cx link would be appropriate.
    4. Re:I submit by Tubal-Cain · · Score: 5, Funny

      When that chunk of the Win2K Pro source code hit the net I had to look... And where do you live again?

      --The IP Police
    5. Re:I submit by Anonymous Coward · · Score: 1, Funny

      No way.

      There's more than one gaping hole in windows.....

    6. Re:I submit by Tenebrarum · · Score: 2, Funny

      And where do you live again?

      --The IP Police

      127.0.0.1

  2. invisible ink by jacquesm · · Score: 3, Funny

    This is actually a feature in 'word'...

    --
    MP3 Search Engine
  3. Encryption utility that fails... by darekana · · Score: 5, Funny

    encryption utility that mysteriously and undetectably fails... Debian OpenSSL?

    (sorry, couldn't resist, I know they've suffered enough already)
    --
    Interactive Visual Medical Dictionary
  4. Re:Hmm... by Anonymous Coward · · Score: 5, Funny

    Something like Photoshop's Swirl filter.

  5. Re:Hide the evil code? by Anonymous Coward · · Score: 4, Funny

    Of course, I can't code C, so I don't know what I'm talking about.
    You should have begun your post with this line. Then I'd know not to listen to you. :-)
  6. Re:Hmm... by Anonymous Coward · · Score: 3, Funny

    You mean like the FBI in PDF's?

  7. WIC by Saiyine · · Score: 5, Funny

    Wavelet Intelligent Compressor. And it was intellingent, indeed. It had a compression scheme so good it could compress its own .wic files down from megs to bytes. But what do you mean with "random junk", do you mean my .wic based backups could be in trouble????

    --
    Hosting 20G hd, 1Tb bw! ssh $7.95
  8. goatse's time to... ummm... shine by jamesh · · Score: 3, Funny

    So it could be sufficient to replace the image with something that the inspector doesn't _want_ to look at. Sort of like a "somebody else's problem" solution. Your code would pass inspection because it would appear to have overlaid the original part of the image with the hardcoded image stored in code (the unsightly image), but there would be a bug which only copies every second pixel or something. Anyone looking at the redacted image wouldn't notice that the original data is still visible simply because they would have to look at the unsightly image too closely. They'd just rubber stamp the solution and say it passed, and then go and lie down for a bit.

    Alternatively, you could go the opposite way instead and use an image which would distract the attention of the inspector enough that they wouldn't notice. Something with breasts would probably do it.

    Can I have my $100 gift certificate now?

  9. Re:Hide the evil code? by linal · · Score: 2, Funny

    One possible option for this contest is to hide information in the lower bounds of each pixel (stenography like) Sure that's easy without the source code, but how do you make setting black to something other than 0 look innocent in your source code? There's the rub. Just lie really well in your comments?
  10. Re:This is scary by Anonymous Coward · · Score: 1, Funny
    I wrote an incredibly mean spirited and scathing reply to your painfully obvious, self-interested, wannabe shill-spouted nonsense... but following your logic... it will clearly have more impact if I don't let you see it.


    8787h346d j89874s k7097 598d7j4s87d89h749 d8s k70llk34098 5 fh6ds89k39d87


    TAKE THAT!


    (posting anon because it will just hurt that much more!)

  11. Easy by StormReaver · · Score: 3, Funny

    Seemingly innocent code...that mysteriously and undetectably fails up to 1% of the time. What's the big deal? This sounds like any given day at work for me.

  12. Re:Hide the evil code? by Heian-794 · · Score: 4, Funny

    "One possible option for this contest is to hide information in the lower bounds of each pixel (stenography like)"

    Pedantry, I admit, but it's steganography that hides the information in that way. Stenography would be copying the RGB values on a piece of lined yellow paper.

  13. Too easy by ObjetDart · · Score: 2, Funny
    utility that mysteriously and undetectably fails between 1 percent and 0.1 percent of the time


    Pfft. I don't see what the big deal is. Just about every app I've ever written does this.

    --
    I read Usenet for the articles.
  14. Re:Hmm... by deathy_epl+ccs · · Score: 3, Funny

    ... or the version of Acrobat they sell to the federal government.

  15. Re:Hide the evil code? by OldManAndTheC++ · · Score: 3, Funny

    And then of course there is Steganosaurus, the carnivorous dinosaur that employed stealth. It could hide in plain sight by making itself look like a large fern or shrub, and then leap onto its unsuspecting prey, snapping its victim's neck in one bite of its massive jaws.

    "Scientists" tell us that the dinosaurs died out millions of years ago, but I think that Steganosaurus could still be with us today, having adapted to our modern world by mimicking small cars, or photo kiosks, or landscaping equipment. And that is why I tell my wife that I refuse to touch the lawnmower until she can prove that it isn't really a steganosaur.

    --
    Soylent Green is peoplicious!
  16. Re:Hide the evil code? by kevingolding2001 · · Score: 4, Funny

    Diebold