Oops! Sometimes we make mistakes on the podcast, and thankfully our listeners are kind enough to correct us. We incorrectly stated that there was not much difference between a dangling pointer and a NULL pointer, when in fact there is most certainly a difference. From listener “Mike”:
A dangling pointer points to an arbitrary place in memory. A null pointer points specifically to memory address zero. Dereferencing the latter produces nasty results which vary by platform. Dereferencing the former produces nasty results which vary in crazier and (generally) less secure ways.
Of course, the press still may be a bit off when they report on this, calling things “new hacking techniques” as recently reported from Watchfire. Refer to this thread on the Daily Dave list for some insight. Also, check out “Exploiting the Otherwise Non-Exploitable on Windows”, which came out a full year before the research from Watchfire.
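The practical side of Mike's distinction, as an added C example (not code from the podcast or the post): a null pointer fails the null check that almost all code performs, while a dangling pointer keeps its old value and sails straight past that check into dead memory. The `FREE_AND_NULL` macro and the helper names are this example's own, not from any library; the code inspects the leftover pointer's value but never dereferences freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Free the block and clear the caller's pointer in one step, so a later
 * use-after-free becomes a null-pointer access (predictable, detectable,
 * faults at address zero) instead of a dangling-pointer access (reads or
 * writes whatever happens to occupy that address now).
 * Macro name is this example's own; it is not from the post. */
#define FREE_AND_NULL(p) do { free(p); (p) = NULL; } while (0)

/* The only guard most code applies before a dereference: a null check.
 * Returns 1 if the pointer would be dereferenced, 0 if the check stops it. */
int passes_null_check(const char *p) {
    return p != NULL;
}

/* Release a buffer either the plain way or via FREE_AND_NULL, then report
 * whether the leftover pointer would still get past a null check.
 * Constructed scenario; the freed memory is never touched. */
int leftover_passes_check(int use_free_and_null) {
    char *buf = malloc(16);
    if (buf == NULL) return -1;          /* allocation failure: nothing to show */
    strcpy(buf, "payload");

    if (use_free_and_null) {
        FREE_AND_NULL(buf);              /* buf == NULL: the check below catches it */
    } else {
        free(buf);                       /* buf still holds the old address: dangling */
    }

    /* Only the pointer value is examined here, exactly as a null check would. */
    return passes_null_check(buf);
}

int main(void) {
    printf("plain free():    leftover passes null check = %d\n", leftover_passes_check(0));
    printf("FREE_AND_NULL(): leftover passes null check = %d\n", leftover_passes_check(1));
    return 0;
}
```

Setting the pointer to NULL after `free()` is the cheap part of the mitigation; it turns the unpredictable dangling case into the predictable null case, which is why reviewers flag a bare `free(p)` whose `p` stays in scope.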