Have you ever needed to create a GIF and found the available options for doing so less than stellar?
I mean sure, you could try your luck with an option off download.com and risk a virus! However, if you value your electronic devices as well as your data and would like to just skip the absolute hellish nightmare of dealing with the resulting ransomware you might just decide give one of the more reputable cloud build GIF making services a try instead.
However, fail to use one of those more “reputable” build services and you are back to square one, downloading viruses!
Further, even if you are lucky and do find a service that isn’t a front for a black hat syndicate, anyone with an ounce of sense (28.3495 grams to be exact) 😛 will be left with with more questions and concerns than confidence!
Questions like, do I still own my images? or Are the generated GIF’s mine? Have I given away or extended use rights (redistribution or public display) to the site owners? Have they been tampered with, down-scaled or were any watermarks added? Am I compromising my brand or business by using this service? Am I sure I know what I am getting back is safe for myself and my clients?
Right about now a few of you might be thinking “You can’t get a virus from an image since there is no executable code”… but of course you’d be wrong!
So… Let’s take a trip back to 2002 with this article from PC mag. The first jpeg virus had been identified in the wild and while it was benign (both then and certainly now) it demonstrates that even images can be vectors of attack and a means of passive propagation!
The fact is that even if a GIF acts only as a means of delivering a viral payload, a cargo container on which the malware hitches, the GIF (or image in general) is therefore necessarily used in conjunction with a viewer or player application (executable) and therein lies the problem! The image data must be read to be viewed.
The risk posed here is by a so called “zero-day” attack utilizing as yet undocumented vulnerabilities in the viewer app itself, the codec or libraries used to read the media or even potentially the OS, and if you think you are safe because you’d somehow intuit that the image is seemingly “larger than it should be” (in terms of byte size) well, you’d be wrong again!
Remind me to have a talk with you later about this whole doubting me thing… its weird, it’s becoming a problem and it needs to stop! 😛
Appending raw byte data is a real sloppy & amateur way to infect (or store) data in an image!
There are plenty of methods for hiding data in images that will NOT modify the file size!
Further, I have some future stenographic projects planned so I will be brief here but just to prove the point… consider an image that is only 100x100px.
Like this one:
Such an image tends to be only a few bytes to kilobytes in size, the image above is only 0.506 KB (damn small) & you could hardly store any data in that right? Well if you are a clever hacker or computer scientist you can come up with quite a few different ways to encode the data directly into the pixel values themselves while at the same time making such slight modifications to the pixels that no perceivable change has occurred!
Additionally, high definition images are common these days so if anything this example is overly critical and in reality you will commonly deal with larger images. The simple fact is you cannot simply look at file size as and indicator for file infection when the file is an image!
Therefore even in a single static JPEG image that is only 100x100px (like above) could store at minimum 10,000 characters (about double all the characters in this entire post)!
Just when you were thinking “WOW TL;DR!” 😛
If you drop fidelity of the image as a concern you can write data to all color channels and that gives you 30,000 (~6X the length of this post) characters to work with! If instead you use a PNG, so that you can play with the alpha channel too, you get 40,000 (~8X the length of this post) characters (assuming that you didn’t use the alpha channel as a checksum ;-))… I can go on for quite some time on this very deep and fascinating subject but as I said I have some stenographic projects planed for you guys in the future and we will cover this stuff in more detail in those posts, so suffice it to say that just because “it’s an image” does not make it safe!
Now, I’m not trying to scare you… okay maybe a little 😛 but I want you to understand that the fact that you upload and download images to cloud build services is in no way a protection and a professional content creator cannot guess that their content is safe to open.
This is where I found myself when I wanted to animate and publish the Sierpinski triangle animations in my post A Chaos Game.
That’s why I used the GIFEncoder PHP class released by László Zsid to animate them myself using PHP rather than risk my system with unknown files! The great thing about GIFEncoder is that you don’t have to wonder if it’s safe, feel free to read the code yourself over on my GitHub and grab a copy while you are there! 😉
Plus admit it, its just more impressive and satisfying to copy & paste the code I give you and get a GIF rather than images which you then have to go stitch into a GIF yourself! 😛
I also previewed my latest Patreon App called GIFMaker in my last post A Value Proposition. Well today I am pleased to announce that I have made GIFMaker available over on Patreon for my User and Developer level followers!
Here are some screenshots of GIFMaker :
GIFMAKER GALLERY SIGN IN
The best part is that you can actually see the code that is responsible for creating the GIF as GIFMaker uses a PHP server back-end (either on your local machine or on your web server) so even my User level followers can modify the core functionality of GIFMaker (and GIFMaker Gallery) to meet their needs!
If you also would like to modify the GIFMaker GUI you can become a Developer level supporter of mine and get access to the C# Source Code and Unity3D IDE Project along with a commercial reuse license should you want or need that!
- There are no artificial limits in terms of image dimensional size or byte data placed on the application so if you have the memory and storage, feel free to make GIFs as large as you want!
- GIFMaker will not apply any kind of watermarks or other branding or identifiers to the animations so all you will get back is the images you gave it, simply animated!
- Comes with a Web Interface GIFMaker Gallery enabling the Viewing, Downloading and Deletion of your GIFs.
Have a great week!