oss-sec mailing list archives

Re: Trojan Source Attacks

From: "David A. Wheeler" <dwheeler () dwheeler com>
Date: Tue, 2 Nov 2021 10:05:52 -0700

On Nov 2, 2021, at 9:23 AM, Josh Bressers <josh () bress net> wrote:
You could argue the obfuscated C contest is related, that goes back to 1984.
https://www.ioccc.org/years.html#1984


You could certainly make that argument :-). At the least,
I think the obfuscated V contest was heavily inspired by the obfuscated C contest.
After all, just look at the similarities of the name! 

I didn’t make that argument.  The obfuscated C contest doesn’t bill itself
as trying to fool anything as thinking some code did something *different*.
Most entries are so bizarre that you have to deeply analyze it to figure out what it does at all.
It’s usually painfully obvious that obfuscated C entries are hard to read.

Underhanded code is, I think, significantly different. Instead of being clearly hard to understand,
It’s designed to be (1) easy to understand WRONGLY, (2) look innocent, and
(3) do something malevolent.

--- David A. Wheeler

Current thread:

Trojan Source Attacks Nicholas Boucher (Nov 01)
- Re: Trojan Source Attacks Jan Engelhardt (Nov 01)
  - Re: Trojan Source Attacks Perry E. Metzger (Nov 01)
    - Re: Trojan Source Attacks Jan Engelhardt (Nov 01)
    - Re: Trojan Source Attacks Siddhesh Poyarekar (Nov 01)
    - Re: Trojan Source Attacks Stuart D Gathman (Nov 02)
    - Re: Trojan Source Attacks Seth Arnold (Nov 02)
  - Re: Trojan Source Attacks Santiago Torres (Nov 01)
- Re: Trojan Source Attacks David A. Wheeler (Nov 02)
  - Re: Trojan Source Attacks Josh Bressers (Nov 02)
    - Re: Trojan Source Attacks David A. Wheeler (Nov 02)
    - Re: Trojan Source Attacks Michael Orlitzky (Nov 02)
- Re: Trojan Source Attacks Stuart D Gathman (Nov 02)
- Re: Trojan Source Attacks Georgi Guninski (Nov 04)
  - Re: Trojan Source Attacks Leonid Isaev (ifax) (Nov 04)