Home / Software & Gaming / Security / Who can write the most malicious code?

Who can write the most malicious code?

This is the question asked by coding competition, Underhanded C, which pits hackers against each other to create the most nefarious bit of code they can come up with; but the trick is doing so while making it stealthy enough to avoid casual investigation.

The setup in this latest competition documentation is that participants are managing the database of a social network. Competitors need to create an algorithm that allows the sign up of new accounts and sets them up normally, while making it possible for the creator to view everyone's information. Points are awarded for the shorter and more “readable” the code is, but they are evenly distributed for “hard errors,” that exploit the code itself, as much as they are for “soft” errors, where human interaction is taken advantage of.

hackathon

Dave here was hacking so long, he forgot he didn't have a touch screen. Source: Wikimedia

Bonus points are awarded for any humorous, ironic or evil bugs too. Anyone wishing to enter needs to have their entries in by 4th July.

Winners will take home a gift certificate to ThinkGeek, worth $200 (£132), which is far from a monstrous prize, but there's a lot of pride involve too. It's also only the second year that the prize has been more than $100, so in some ways, competitors should feel lucky.

Organised by Dr. Scott Craver, of the Department of Electrical Engineering at Binghamton University, Underhanded C has been running since 2005, but took a break between 2009 and today; now though it's back in full swing.

KitGuru Says: Is this something any of you guys could take a swing at? Let us know if you win!

[Thanks Wired]

Become a Patron!

Check Also

Nvidia driver update fixes crucial security vulnerabilities

Nvidia GeForce, RTX, Quadro, NVS and Tesla GPU users will want to update their drivers soon. Nvidia has pushed out a hotfix with a number of critical security fixes that if left unfixed, could allow for unauthorised access to systems.