Correction: Dangling Pointer Vs NULL Pointer

Oops! Sometimes we make mistakes on the podcast, and thankfully our listeners are kind enough to correct us. We incorrectly stated that there was not much difference between a dangling pointer and a NULL pointer, when in fact there is most certainly a difference. From listener “Mike”:

A dangling pointer points to an arbitrary place in memory. A null pointer points specifically to memory address zero. Dereferencing the latter produces nasty results which vary by platform. Dereferencing the former produces nasty results which vary in crazier and less secure, (generally,) ways.

Of course, the press still may be a bit off when they report on this, calling things “new hacking techniques” as recently reported from watchfire. Refer to this thread on the daily dave for some insight. Also, check out “Exploiting the Otherwise Non-Exploitable on Windows”, which came out a full year before the research from Watchfire.

Paul Asadoorian

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRTG54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. Paul has worked in technology and information security for over 20 years, holding various security and engineering roles in a lottery company, university, ISP, independent penetration tester, and security product companies such as Tenable. In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. In 2020 Security Weekly was acquired by the Cyberrisk Alliance. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, he enjoys coding in Python & telling everyone he uses Linux.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.