Evil C Coders Wanted
Written by Kay Ewbank   
Wednesday, 12 November 2014

A challenge to write ‘evil’ C code is underway again, searching for the programmer who can produce code that looks benign but causes problems.

 

underhandedbanner

 

The challenge is the Underhanded C contest, a competition that requires entrants to write code that is as readable, clear, innocent and straightforward as possible, but that does something different that is subtly evil.

This is the seventh year of the challenge, and each year the judges have come up with a combination of a simple data processing problem that you need to subvert with covert malicious behavior, such as miscounting votes, shaving money from financial transactions, or leaking information to an eavesdropper.

This year’s challenge is titled PiuPiu and the National Security Letter.

The judges say that the PiuPiu oversharing site allows users to create PiuPiu accounts and post 140-character messages. The federal government wants PiuPiu to monitor user activity on the site by archiving any posts that match certain patterns outlined in a national security letter. No-one is to be informed of the surveillance request.

Entries to the competition need to scan incoming Pius before they are posted to see if they match any patterns requested in a national security letter, and if they do, to take a copy of the offending Piu and write it to a file. You’re not allowed to alter the entry or its user.

The tricky bit of the competition is that you need to write your surveillance function in such a way that the act of surveillance is subtly leaked to the user or to the outside world. PiuPiu cannot reveal the act of surveillance, but your function is technically able to edit the Piu or user structure during scanning. Find a way to alter that data (this alone is a bit of a challenge, since you are not supposed to alter the data, just scan it) in such a way that an informed outsider can tell if someone is being archived. The leakage should be subtle enough that it is not easily noticed.

You’ll be awarded extra points if you write code that is easily readable and short, because it is more impressive to hide a bug in short, readable code. You’ll also be awarded points for bugs that are “plausibly deniable” as an innocent programming error. If your errors remain hidden under syntax coloring, that too will earn you points. The final way to earn extra points is to write humorous, spiteful, or ironic bugs, such as evil behavior in an error-checking routine.

The prize is a $200 Gift Certificate to ThinkGeek (or equivalent for non-US programmers). It runs from November 2nd until the arbitrary deadline of New Years Day, 2015.

So if you program in C (or in C++ if you must) and feel like being underhanded see the full details on the This Year page.

 

underhand1

More Information

Underhanded C Contest

Related Articles

Underhanded C Contest Revived 

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, FacebookGoogle+ or Linkedin,  or sign up for our weekly newsletter.

 

Banner


SnapCode: A Java IDE for the Web
27/02/2024

Thanks to CheerpJ and WebAssembly you can now run a Java IDE inside your browser and local first.This is SnapCode, and while lightweight and in-browser, is to be not underestimated.



CSS Test of Time Award 2023
18/02/2024

The ACM CCS Test-of-Time Award honors research with long-lasting influence, which have had significant impacts on systems security and privacy. The 2023 award in respect of a paper by Marten van Dijk  [ ... ]


More News

 

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Sunday, 23 August 2015 )