FAQ

Who are you?

I am a professor at Binghamton University, specializing in information security. I’ve been running (and funding) the Underhanded C Contest since 2005; it is based on my own interest in modern problems in deception and counterdeception.

The Binghamton University ECE department has a considerable emphasis on information security, specializing in certain deception problems: virus detection, DDoS detection, and covert channels (steganography.)

Why?

The contest was initially inspired by Daniel Horn’s Obfuscated V contest in the fall of 2004. I was greatly impressed to see how even a short program to simply count characters in a text file can be made to fail, and fail only on one specific day.

Are you trying to prove open source is bad?

No, we are not trying to prove open source is bad. If anything, this contest illustrates that we need more code review, not less.

Won’t this contest have a bad influence on our youth?

I don’t see why: all I’m doing is inviting people to write malicious software in exchange for money.

Besides, it’s not even money. It’s a gift certificate for a store that lets you buy innocent things like caffeine pills, knives, butane torches and lasers.

Is that deadline going to be strictly enforced?

No. It will take us a while to be impartial judges, after all, so late submissions are not a big deal.

Can I use C++ instead of C?

If you actually want to do something like that, then sure. No COBOL, please.

What compilers/platforms/etc can I use?

Whatever we can dig up, but we are most impressed by general submissions that work under any compiler or platform.

What if my evil code is platform-dependent? Will I lose points for that?

If the evil behavior only occurs on certain platforms, just let us know in the documentation.

You won’t lose points if your solution utilizes something hardware-specific like stack smashing. Indeed, the reason this is the Underhanded C Contest rather than the Underhanded Java Contest is that C offers plentiful opportunities to mess everything up at the hardware level.

For the 2008 contest: what does “blocked out” mean?

It means those pixels are apparently replaced with non-image. It can mean overlaying a black rectangle, or any colored rectangle, or a pattern, or random noise. As long as it appears to remove those image pixels, that’s fine.