The Underhanded C Contest

Darren Dirt · March 06, 2008, 05:36:57 PM

Quote

Why?

The contest was initially inspired by Daniel Horn?s Obfuscated V contest in the fall of 2004. I was greatly impressed to see how even a short program to simply count characters in a text file can be made to fail, and fail only on one specific day.

Are you trying to prove open source is bad?

No, we are not trying to prove open source is bad. If anything, this contest illustrates that we need more code review, not less.

Won?t this contest have a bad influence on our youth?

I don?t see why: all I?m doing is inviting people to write malicious software in exchange for money.

Besides, it?s not even money. It?s a gift certificate for a store that lets you buy innocent things like caffeine pills, knives, butane torches and lasers.

-from FAQ page (past "winners" here)

bonus weirdness

Mr. Analog · March 12, 2008, 07:57:48 PM

Great concept for a contest.

When something goofs in a binary I just chalk it up to the fates and move on, with OSS stuff I can crack open the source and find out why something is @%&#ing up. I ran into this recently with an OSS Java XSLT processor and I plan to contribute a fix to it because what they were doing was wrong. Similarly I've been working with the Dojo toolkit and I've found a significant lack of documentation that I can remedy.

THE POINT is that IF there is a vulnerability or a bug when I hit either one I can deal with it myself if I want to or add it to the developer community bug track. Heck I downloaded a community JSON 2 XML XSLT stylesheet and it was already wired up to SVN if I wanted to submit changes to the source.

Mr. Analog · November 03, 2014, 10:12:06 AM

The 7th annual Underhanded C contest has begun
http://www.underhanded-c.org/

The 2014 Challenge?

QuoteThe 2014 Challenge: PiuPiu and the National Security Letter

The PiuPiu oversharing site allows users to create PiuPiu accounts and post 140-character messages. The federal government wants PiuPiu to surveil user activity on the site, by archiving any posts that match certain patterns outlined in a national security letter. Subject to the nondisclosure constraints of the letter, PiuPiu may not inform anyone of the surveillance request.

Nice

Darren Dirt · November 03, 2014, 11:58:34 AM

Thematically connected to hot-button sociopolitical issue! Bonus Points!

Mr. Analog · November 03, 2014, 12:01:18 PM

I know hey!

Tom · November 03, 2014, 09:33:29 PM

I can't wait to see some of the entries.

While I seem to be capable of writing subtle bugs, my mind doesn't tend to think in subtle intentional bugs.

The Underhanded C Contest

Darren Dirt

Mr. Analog

Mr. Analog

Darren Dirt

Mr. Analog

Tom