Slashdot Mirror


2008 Underhanded C Contest Officially Open

Xcott Craver writes "The 2008 Underhanded C Contest has just opened. Every year, contestants are asked to write a simple, innocent, readable C program that appears to perform an innocent task — but implements some non-obvious evil behavior. This year's challenge: redact blocks from an image, but do it so that the excised pixels can somehow be retrieved. We also have listed the winners of last year's contest, which was to write a simple encryption utility that mysteriously and undetectably fails between 1 percent and 0.1 percent of the time. The winning entry is truly impressive." We discussed the first of these contests in 2005.

11 of 160 comments

  1. Re:Hmm... by Llywelyn · · Score: 3, Insightful

    Ever seen scans from a FOIA request? They redact certain information regarding sources and methods (and some would claim whatever they feel like at the time). *That* would be a "use" of this technology.

    "Enter the registration key" type schemes are more easily accomplished without it being underhanded in nature.

    --
    Integrate Keynote and LaTeX
  2. Re:Hmm... by Gnavpot · · Score: 4, Insightful

    No, the point is to make a utility that appears to innocently redact part of an image

    More precisely:
    The point is to make a utility that - when viewing the source code - appears to innocently...

    It is no challenge to make a closed source utility which does something evil even though it appears to do something innocent. Most viruses do that.

    The challenge is to hide the evil behaviour in simple and open source code.
  3. Re:Hide the evil code? by Ethan Allison · · Score: 4, Insightful

    That's what makes this so interesting.

  4. Re:Hide the evil code? by amRadioHed · · Score: 4, Insightful

    One possible option for this contest is to hide information in the lower bounds of each pixel (steganography-like). Sure, that's easy without the source code, but how do you make setting black to something other than 0 look innocent in your source code? There's the rub.
    --
    We hope your rules and wisdom choke you / Now we are one in everlasting peace
  5. Re:I submit by setagllib · · Score: 4, Insightful

    Microsoft has already released a fair part of Windows' source as the "Research kernel". Surprisingly enough it's not bad, but it takes more than clean code to make a clean operating system.

    --
    Sam ty sig.
  6. Re:Where are past year's results? by niceone · · Score: 2, Insightful
  7. This is scary by LaughingCoder · · Score: 3, Insightful

    OK, it is generally believed that OSS is inherently secure because so many eyeballs can examine and vet it. But as this contest shows, it is possible to include backdoor behavior "in the source for everyone to see" without it being discovered. Oh, and note to self, don't download any open source image editing software in the future ...

    --
    The more you regulate a company, the worse its products become.
    1. Re:This is scary by Haeleth · · Score: 4, Insightful

      OK, it is generally believed that OSS is inherently secure
      No, that's a popular strawman argument used by opponents of OSS. There have been enough vulnerabilities found in OSS that it is trivially obvious that any such claim is false, and no serious OSS proponent would dream of saying any such thing.
  8. It's been done for years .. . by Stavr0 · · Score: 4, Insightful

    courtesy of crazy Japanese censorship laws. Google for gmask or see examples at Lecture on masking (Yes, it's SFW)

  9. Re:Compression would be nice by RKThoadan · · Score: 2, Insightful

    The real challenge isn't how to do it, but how to do it so that someone who is reading your code doesn't realize the data is still available. That's the really tricky part.

  10. Re:2007 winners not found by Xcott Craver · · Score: 2, Insightful

    We have a separate tab for the 2007 winners; it's the first one on the left.

    I recommend you give it a read; the entries are all very clever.