Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKoP-y8CEv=h4a-ckLe+_p4WJk-CwzuXVCbBXTd8HrG+TSNmTw@mail.gmail.com>
Date: Tue, 2 Nov 2021 11:23:50 -0500
From: Josh Bressers <josh@...ss.net>
To: oss-security@...ts.openwall.com
Subject: Re: Trojan Source Attacks

On Tue, Nov 2, 2021 at 10:56 AM David A. Wheeler <dwheeler@...eeler.com>
wrote:

>
> However, I think it’s important to realize this is a special case of
> “underhanded code” aka “underhanded source code” aka “maliciously
> misleading code”. Underhanded code is source code crafted so that the
> source code looks like it does one thing to human reviewers, but it
> actually does something else. Homoglyphs are a common mechanism of attack
> (e.g., 1/l or O/0), as are misleading indentation, etc.
>
> The first reference I can find to underhanded code is the 2004 Obfuscated
> V Contest (http://graphics.stanford.edu/~danielh/vote/vote.html) created
> by Daniel Horn.
>
>
You could argue the obfuscated C contest is related, that goes back to 1984.
https://www.ioccc.org/years.html#1984

-- 
     Josh

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.