|Evil C Coders Wanted|
|Written by Kay Ewbank|
|Wednesday, 12 November 2014|
A challenge to write ‘evil’ C code is underway again, searching for the programmer who can produce code that looks benign but causes problems.
The challenge is the Underhanded C contest, a competition that requires entrants to write code that is as readable, clear, innocent and straightforward as possible, but that does something different that is subtly evil.
This is the seventh year of the challenge, and each year the judges have come up with a combination of a simple data processing problem that you need to subvert with covert malicious behavior, such as miscounting votes, shaving money from financial transactions, or leaking information to an eavesdropper.
This year’s challenge is titled PiuPiu and the National Security Letter.
The judges say that the PiuPiu oversharing site allows users to create PiuPiu accounts and post 140-character messages. The federal government wants PiuPiu to monitor user activity on the site by archiving any posts that match certain patterns outlined in a national security letter. No-one is to be informed of the surveillance request.
Entries to the competition need to scan incoming Pius before they are posted to see if they match any patterns requested in a national security letter, and if they do, to take a copy of the offending Piu and write it to a file. You’re not allowed to alter the entry or its user.
The tricky bit of the competition is that you need to write your surveillance function in such a way that the act of surveillance is subtly leaked to the user or to the outside world. PiuPiu cannot reveal the act of surveillance, but your function is technically able to edit the Piu or user structure during scanning. Find a way to alter that data (this alone is a bit of a challenge, since you are not supposed to alter the data, just scan it) in such a way that an informed outsider can tell if someone is being archived. The leakage should be subtle enough that it is not easily noticed.
You’ll be awarded extra points if you write code that is easily readable and short, because it is more impressive to hide a bug in short, readable code. You’ll also be awarded points for bugs that are “plausibly deniable” as an innocent programming error. If your errors remain hidden under syntax coloring, that too will earn you points. The final way to earn extra points is to write humorous, spiteful, or ironic bugs, such as evil behavior in an error-checking routine.
The prize is a $200 Gift Certificate to ThinkGeek (or equivalent for non-US programmers). It runs from November 2nd until the arbitrary deadline of New Years Day, 2015.
So if you program in C (or in C++ if you must) and feel like being underhanded see the full details on the This Year page.
To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin, or sign up for our weekly newsletter.
or email your comment to: firstname.lastname@example.org
|Last Updated ( Sunday, 23 August 2015 )|