Category Archives: Security

forgot to remember to forget

These lyrics by Stan Kesler and Charlie Feathers always remind me of passwords:

I forgot to remember to forget her,
I can’t seem to get her off my mind.
I thought I’d never miss her,
But I’ve found out somehow
I think about her almost all the time.

Well the day she went away
I made myself a promise
That I’d soon forget we’d ever met.
But something sure is wrong
‘cos I’m so blue and lonely:
I forgot to remember to forget.

Well the day she went away
I made myself a promise
That I’d soon forget we’d ever met.
But something sure is wrong
‘cos I’m so blue and lonely:
I forgot to remember to forget

Or would it be better to compare to 3DES?

UK sends prince to Iraq

Many things related to history come to mind when reading the news about the English sending a Prince to fight in Iraq:

Critics have suggested the risks to the prince are too great but others have claimed that insurgents will not be able to ascertain exactly where he has been deployed.

But perhaps most distressing is a comparison of this news with the ongoing updates about another celebrity who was deployed to Afghanistan:

Within hours of Pat Tillman’s death, the Army went into information-lockdown mode, cutting off phone and Internet connections at a base in Afghanistan, posting guards on a wounded platoon mate, and ordering a sergeant to burn Tillman’s uniform.

New investigative documents reviewed by The Associated Press describe how the military sealed off information about Tillman’s death from all but a small ring of soldiers. Officers quietly passed their suspicion of friendly fire up the chain to the highest ranks of the military, but the truth did not reach Tillman’s family for five weeks.

The clampdown, and the misinformation issued by the military, lie at the heart of a burgeoning congressional investigation.

How safe is the Prince from friendly fire or a coverup?

Photoshop and Paint Overflow

The exploit code circulating right now has all sorts of “have fun” comments. I think there should be a sports channel dedicated to software security.

This particular incident might show up on the “competitive buffer overflows” program.

Or how about a reality show that pits the common corporate development manager and engineers against the wily security consultants and insider threats? I would include outside threats, but frankly I don’t think the outsiders have a chance without some kind of inside connection.

Castles were either breached by long battles of attrition and overwhelming odds, or someone “found” a weakness by paying an insider or someone who had at some point been inside…

Anyway, the vulnerability was disclosed about a day ago and I have not seen any response from the vendors yet. The exploit author suggests that you only need a target user to open a specially crafted PNG file in Photoshop or Paint Shop Pro on Windows XP, after which you can do nasty things like open a backdoor.

Multiple image editing applications are prone to a remote buffer-overflow vulnerability. This issue occurs due to a failure by the software to properly bounds-check user-supplied input prior to copying it to an insufficiently-sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of a vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

Perhaps the most annoying thing about this kind of attack vector is that images flow so freely today and Photoshop and Paint Shop Pro are so common. Note that the PNG attack follows the announcement last week by the same author that .BMP, .DIB and .RLE files are also suitable vectors.
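The advisory language above, a length field from the file copied into a fixed-size buffer without a bounds check, is the classic shape of an image-parser overflow. What follows is an added illustration in C, not code from the exploit or from either vendor, and it does not reproduce any specific Photoshop or Paint Shop Pro bug: a toy PNG-style chunk reader in its unchecked form beside a checked one, fed constructed chunks. The CRC bytes in the samples are placeholders and are not verified; CHUNK_DATA_MAX, the function names and the sample chunks are all assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Illustrative chunk reader in the style of PNG (4-byte big-endian length,
 * 4-byte type, data, 4-byte CRC). This is NOT the vendors' code; the bug
 * shape is the generic one described in the advisory text. */

#define CHUNK_DATA_MAX 256   /* fixed-size destination, as in the advisory */
#define CHUNK_OVERHEAD 12    /* length + type + CRC */

/* PNG stores the chunk length big-endian. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* "Before": trusts the length field from the file. A length larger than
 * CHUNK_DATA_MAX overruns out; one larger than the input over-reads in. */
int copy_chunk_unchecked(const uint8_t *in, size_t in_len,
                         uint8_t out[CHUNK_DATA_MAX])
{
    if (in_len < 8)
        return -1;
    uint32_t len = be32(in);
    memcpy(out, in + 8, len);          /* no check against out or in_len */
    return (int)len;
}

/* "After": the length must fit the destination AND the bytes actually present. */
int copy_chunk_checked(const uint8_t *in, size_t in_len,
                       uint8_t out[CHUNK_DATA_MAX])
{
    if (in_len < CHUNK_OVERHEAD)
        return -1;                      /* not even a complete header + CRC */
    uint32_t len = be32(in);
    if (len > CHUNK_DATA_MAX)
        return -2;                      /* would overflow the destination */
    if ((size_t)len > in_len - CHUNK_OVERHEAD)
        return -3;                      /* file claims more data than it carries */
    memcpy(out, in + 8, len);
    return (int)len;
}

/* Constructed sample chunks (not captured from any real exploit). Each is an
 * IHDR with 13 data bytes (16x16, 8-bit RGB) followed by a placeholder CRC;
 * only the leading length field differs. */
#define IHDR_BODY \
    'I','H','D','R', \
    0x00,0x00,0x00,0x10, 0x00,0x00,0x00,0x10, 0x08,0x02,0x00,0x00,0x00, \
    0x00,0x00,0x00,0x00

static const uint8_t good_chunk[]      = { 0x00,0x00,0x00,0x0D, IHDR_BODY }; /* claims 13   */
static const uint8_t oversized_chunk[] = { 0x00,0x00,0x10,0x00, IHDR_BODY }; /* claims 4096 */
static const uint8_t truncated_chunk[] = { 0x00,0x00,0x00,0x80, IHDR_BODY }; /* claims 128  */

int demo_good_unchecked(void)
{
    uint8_t out[CHUNK_DATA_MAX];
    return copy_chunk_unchecked(good_chunk, sizeof good_chunk, out);
}
int demo_good_checked(void)
{
    uint8_t out[CHUNK_DATA_MAX];
    return copy_chunk_checked(good_chunk, sizeof good_chunk, out);
}
int demo_oversized_checked(void)
{
    uint8_t out[CHUNK_DATA_MAX];
    return copy_chunk_checked(oversized_chunk, sizeof oversized_chunk, out);
}
int demo_truncated_checked(void)
{
    uint8_t out[CHUNK_DATA_MAX];
    return copy_chunk_checked(truncated_chunk, sizeof truncated_chunk, out);
}

int main(void)
{
    printf("good/unchecked:      %d\n", demo_good_unchecked());
    printf("good/checked:        %d\n", demo_good_checked());
    printf("oversized/checked:   %d\n", demo_oversized_checked());
    printf("truncated/checked:   %d\n", demo_truncated_checked());
    /* copy_chunk_unchecked(oversized_chunk, ...) is deliberately not run:
     * a 4096-byte memcpy into a 256-byte stack buffer is the crash, and with
     * attacker-controlled bytes the code-execution path the advisory describes. */
    return 0;
}
```

The second check matters as much as the first. A file that is shorter than its own length field makes an unchecked memcpy read past the end of the input, which is a crash on its own and, if the copied bytes are later written out, an information leak; the advisory's "failed exploit attempts likely result in denial-of-service" covers exactly that case.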

Compact Editions

I just found an amusing article. Anyone who has suffered through my ramblings about the dated format of literature should really appreciate this:

To howls of indignation from literary purists, a leading publishing house is slimming down some of the world’s greatest novels. Tolstoy, Dickens and Thackeray would not have agreed with the view that 40 percent of Anna Karenina, David Copperfield and Vanity Fair are mere “padding”, but Orion Books believes that modern readers will welcome the shorter versions.

I disagree with their method as they’re trying to solve the wrong problem, like strapping wheels and an engine to a horse to make it faster. But as I’ve said for years, I think we definitely are ready for a new “book” format.

On a related note, I find it fascinating that a publisher is trying to argue that they can compress a message without destroying the integrity. Something tells me their measurements might be a bit loose, if quantitative at all.