Hasty Briefsbeta

Bilingual

The Underhanded C Contest

21 hours ago
  • #Nuclear verification
  • #NaN poisoning
  • #Underhanded C Contest
  • The 2015 Underhanded C Contest results were announced, with the winner and runners-up recognized for their submissions.
  • The challenge was a real-world nuclear verification problem sponsored by the Nuclear Threat Initiative.
  • Many submissions used NaN poisoning attacks, where floating-point NaN values cause false comparisons.
  • A live Reddit AMA was scheduled for February 9th to discuss the contest and its implications.
  • Submissions were judged on realism, with data-triggered attacks preferred over environment-triggered ones.
  • Runners-up included entries using NaN bugs, memory leaks, and clever negative-number tricks.
  • The winning entry by Linus Åkesson exploited a type confusion between float_t and double precision.
  • This confusion caused the program to misinterpret spectral data, allowing a host country to cheat without detection.
  • The attack is realistically achievable, uses standard code, and exploits integer counts in floating-point representation.