Oops! Sometimes we make mistakes on the podcast, and thankfully our listeners are kind enough to correct us. We incorrectly stated that there was not much difference between a dangling pointer and a NULL pointer, when in fact there is most certainly a difference. From listener “Mike”:

A dangling pointer points to an arbitrary place in memory. A null pointer points specifically to memory address zero. Dereferencing the latter produces nasty results which vary by platform. Dereferencing the former produces nasty results which vary in crazier and less secure, (generally,) ways.

Of course, the press still may be a bit off when they report on this, calling things “new hacking techniques” as recently reported from watchfire. Refer to this thread on the daily dave for some insight. Also, check out “Exploiting the Otherwise Non-Exploitable on Windows“, which came out a full year before the research from Watchfire.

About the author

Paul Asadoorian is the Founder & CEO of Security Weekly, where the flagship show recently re-titled "Paul's Security Weekly" has been airing for over 8 years. By day he is the Product Evangelist for Tenable Network Security. Paul produces and hosts the various shows here at Security Weekly, all dedicated to providing the latest security news, interviews with the industries finest and technical how-to segments. Paul is also the founder and host of "The Stogie Geeks Show", featuring cigar reviews for cigar enthusiasts.