Mark Dowd recently published a paper [here] called “Application-Specific Attacks: Leveraging the ActionScript Virtual Machine”, which has excited researchers [here]. In it Mark describes techniques that promise to open up a class of exploits and a line of vulnerability research previously thought to be prohibitively difficult: in other words, exploiting null pointers.
But what are null pointers to start with? A null pointer is simply a pointer with a value of zero, and dereferencing one is an error. In C terms, think of malloc, the function that allocates chunks of memory for programs to work with. When malloc fails, it returns NULL. Many a university lecturer tells their students to check for that value, because malloc can fail at absolutely any time; that makes sense, since their code is not the only program claiming memory. Unfortunately the reality is far from it: the check is very often missing.
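To make the malloc point concrete, here is an added example (not code from the post or from Dowd's paper) showing the unchecked pattern beside the checked one. The allocator is passed in as a function pointer so that a failing malloc can be simulated deterministically; the names `alloc_fn`, `always_fail`, `copy_unchecked`, `copy_checked` and `greet` are hypothetical names chosen for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator type so the example can swap malloc for a
 * deliberately failing allocator. */
typedef void *(*alloc_fn)(size_t);

/* Stand-in for malloc failing under memory pressure: always returns NULL. */
void *always_fail(size_t n) {
    (void)n;
    errno = ENOMEM;
    return NULL;
}

/* The pattern the post warns about: the allocator's return value is never
 * checked, so a failed allocation becomes a write through a null pointer. */
char *copy_unchecked(const char *src, alloc_fn alloc) {
    char *dst = alloc(strlen(src) + 1);
    strcpy(dst, src);           /* undefined behaviour when dst == NULL */
    return dst;
}

/* Corrected version: an allocation failure is reported, never dereferenced. */
char *copy_checked(const char *src, alloc_fn alloc) {
    size_t len = strlen(src) + 1;
    char *dst = alloc(len);
    if (dst == NULL) {
        return NULL;            /* the caller has to handle this */
    }
    memcpy(dst, src, len);
    return dst;
}

/* Caller-side handling: returns 1 on success, 0 if the allocation failed.
 * The message is written into out so nothing is dereferenced on failure. */
int greet(const char *name, alloc_fn alloc, char *out, size_t out_len) {
    char *copy = copy_checked(name, alloc);
    if (copy == NULL) {
        snprintf(out, out_len, "allocation failed: %s", strerror(errno));
        return 0;
    }
    snprintf(out, out_len, "hello, %s", copy);
    free(copy);
    return 1;
}

int main(void) {
    char buf[64];
    greet("world", malloc, buf, sizeof buf);
    puts(buf);                  /* hello, world */
    greet("world", always_fail, buf, sizeof buf);
    puts(buf);                  /* allocation failed: ... */
    return 0;
}
```

Calling `copy_unchecked` with `always_fail` is exactly the crash the post describes; `copy_checked` turns the same condition into an ordinary error return that the caller can act on.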
You can read an excellent technical write-up of Dowd’s hardcore exploit by Thomas Ptacek (of Matasano) on his blog [here].
There is an old saying, “Give a man a fish and you feed him for a day; teach him how to fish and you feed him for a lifetime”*. In other words, as long as we keep forcing developers to correct their mistakes but neglect to teach them, and have them memorise, how to code properly, we’ll keep getting into similar situations. Yes, kudos to Mark Dowd for doing something as neat as this, but then again: nothing to see here, move along.
It won’t take long before businesses use this for fear-mongering and publicity stunts, to sell more products and services and to assure us all that their product or service offers every guarantee a corporation needs. [read the Update!]
* For transparency I must include the following saying as well, “Give a man a fish and you feed him for a day. But if you knock him down and take his fish, you can sell it and buy some weed.”
UPDATE: IT security software specialist Tier-3 says that a report on Slashdot regarding Flash vulnerabilities indicates that null pointer security flaws could be here to stay and quickly evolve into the next big thing in hacking exploits.
Tier-3’s CTO, Geoff Sweeney, agrees, “We have been monitoring this for some time and confirm that null pointer security flaws are exploitable and could quickly replace buffer overflows as the next big threat. Buffer overflows are of course still an issue, but they are a problem that has been tackled by the industry for many years. Null pointer de-referencing has not received anywhere near the same level of attention, which means that users need to be more vigilant than ever.”
Filed under: General Security |
Tags: exploits, hacking
No Responses to “Null Pointer Security Flaws: The Next Big Scare”