Message-ID: <CAKoP-y8CEv=h4a-ckLe+_p4WJk-CwzuXVCbBXTd8HrG+TSNmTw@mail.gmail.com>
Date: Tue, 2 Nov 2021 11:23:50 -0500
From: Josh Bressers <josh@...ss.net>
To: oss-security@...ts.openwall.com
Subject: Re: Trojan Source Attacks

On Tue, Nov 2, 2021 at 10:56 AM David A. Wheeler <dwheeler@...eeler.com> wrote:

>
> However, I think it’s important to realize this is a special case of
> “underhanded code” aka “underhanded source code” aka “maliciously
> misleading code”. Underhanded code is source code crafted so that the
> source code looks like it does one thing to human reviewers, but it
> actually does something else. Homoglyphs are a common mechanism of attack
> (e.g., 1/l or O/0), as are misleading indentation, etc.
>
> The first reference I can find to underhanded code is the 2004 Obfuscated
> V Contest (http://graphics.stanford.edu/~danielh/vote/vote.html) created
> by Daniel Horn.
>

You could argue the obfuscated C contest is related, that goes back to 1984.

https://www.ioccc.org/years.html#1984

--
Josh