News:

"The phone is a remarkably complex, simple device,
and very rarely ever needs repairs, once you fix them." - Dan/Panther

Main Menu

"Security Error" when posting pictures

Started by electric al, March 27, 2015, 08:49:58 AM

Previous topic - Next topic

Slal

Quote from: TelePlay on December 23, 2016, 03:17:31 PM
What are you using to take the pictures, what camera or phone?

Both actually.  One is a DSLR camera.  It saves as a 'NEF' or 'raw' file + tiff or jpg.  These are large files & need to be resized anyway.  The other is an Apple iPad.  Again, these are kind of large for HTML forums, so out of consideration to those with slower internet speeds, I resize them to 72PPI and 600 width.

To test resizing, I played around with images in last post at my 'phone gallery' topic.  Simply resizing yielded security flag.

Selecting the entire image and pasting it into a new file seems to work every time.  I'm not a programmer, but suspect this approach might be the same as stripping extra embedded data out of a file.  Only thing in there is probably just the app that was used and date of creation, etc.  Maybe it removes other stuff security is programmed to reject: copyright, web addresses to Apple, Adobe, Nikon, etc., and personal info.  "Sent from Bruce's iPad" whatever.

As for the security itself, I'm for leaving it in there.  Spoke with a friend who works as IT security specialist for a major insurance company here in San Antonio.  He's paranoid, but he's paid to be paranoid!   I guess his attitude is "better safe than sorry." 

According to him:  'Professional' hackers aren't going to bother with HTML sites like this one-- they're after banks, insurance companies-- most any place they can get personal information. 

"Wanna-be" hackers might try their stuff on HTML sites to see if malicious code works or not.  CRPF is kind of an exception though.  It is closed and requires members be 'validated.'  Anyone who posts something inappropriate or damaging would likely get banned.  So they probably wouldn't bother, but again-- "Better safe than sorry."

Making a 'new' file (using whatever method works, and is easiest) might require a little more time, but is probably in everyone's best interest imo.

Thanks for reading & Merry Christmas!

--Bruce

TelePlay

Thanks to a tip from a member, I looked at another software program that strips meta data et. al. from jpg images. BatchPurifier Lite is a free download at CNET. The free version only works with jpg images, which is all that is needed to get around the security issue with an image.

     http://download.cnet.com/BatchPurifier-Lite/3000-2144_4-10908843.html

I installed it on a laptop last night and it work great. Produces stripped jpg images just like my old software does. This, as my old software did, will remove all of the jpg header info (when you get to the screen asking which jpg data to delete, click on the jpg box and all boxes below it will be automatically included - checked).

NOTE:  The free Lite version only works with jpg images, you can not strip meta data from any other type of image.

You can then save the file as an over write or it will save it as a new file. The stripped image file will then upload to the forum without security issues (unless of course there is a string of code within the image itself that raises the flag and if that happens, resizing the image should shuffle the code enough to get rid of the internal string - rarely happens but it can happen on larger images)

XP users: As an extra exciting event, I had to first download the latest version of Microsoft .NET 4.0 software (for XP, Win7/10 uses 4.5)  before I could install BatchPurifier on my XP machine. Once .NET was up to date, BatchPurifier Lite was installed.

BatchPurifier Lite installed without issue on my Win7 and Win10 machines.

It's really easy to use when needed for one image file or a batch of image files. Basically, after opening the software, select the image(s) you want to clean, click on the jpg box, click on how you want to save it (over write or new file) and finish.

Below is the EXIF information (in pdf format) for an image that would not load.

After that is the EXIF data from the image after BatchPurifier Lite was used to clean out the offending data. The stripped image uploaded to the forum without issue, after using BatchPurifier Lite.

If you look at these pdf images, you can see the data in the image that would not load (some part of which raised the security flag). The second, after, pdf file shows what's left after cleaning allowing it to upload without issue.

Slal

If anyone is interested...

ExifTool by Phil Harvey is a simple stand alone program that makes no changes to your registry.  It's an easy way to check a file, or see 'before & after' results from 'Purifier.'

Available for both PC & Mac.  Simply install & use Windows Explorer (or Mac equivalent) to drag & drop file you want to examine.

http://www.sno.phy.queensu.ca/~phil/exiftool/

--Bruce

jeff1876

I also had the "Security Error" problem when trying to post my pictures.  I used GIMP software to resize my photos to 1200 pixels (Image, Scale Image).  Then when I export the photo to JPG format (File, Export As ...) I type in the file name and then hit Export.  The next window has an "Advanced Options" selection.  I removed three check boxes to not save EXIF data, thumbnail, and XMP data (see photo) and hit Export again.  I was then able to upload those files.  If you are already using GIMP software this should work.  Otherwise, you might consider a different program.

Jeff

TelePlay

No typing needed for BatchPurifier-Lite


Click desktop icon to open BatchPurifier-Lite, click on Add Files, click on file(s) to be cleaned, click Next ( #1)

On the next screen, click the JPEG box and all boxes below are check automatically, click next (#2)

On the next screen, click the destination of the cleaned file(s) (desktop is quick) and click next (#3) and they are cleaned.

The next screen shows the input file name(s) and location along with the cleaned file name(s) and location, click close and you are done.


Took 18 seconds to clean one file and I didn't have to touch the keyboard. Easiest cleaner I've looked at and I check 5 or 6 other programs since this problem surfaced months ago.

These are the screen shots of the 4 steps of BatchPurifier-Lite (click on the image to enlarge).

andre_janew

What causes all that dirty data to get in there in the first place?  Is there a way to prevent it from getting in there?

TelePlay

Quote from: andre_janew on December 28, 2016, 06:27:12 PM
What causes all that dirty data to get in there in the first place?  Is there a way to prevent it from getting in there?

No, it is not dirty data. It is the meta data placed into an image that records information about the photo. Smart Phones that have their GPS Location turned on will show the latitude and longitude of where the photo was taken, the direction in which the phone was pointed, the exact device used to capture the photo, the F-Number, the shutter speed, focal length, sensor chip size, whether or not the flash was used, if the device was rotated (sideways pictures on the forum are thumbnails that will show correctly when the photo is clicked on a rotated by the display software), size of the image, date it was taken, the type of image (jpg), the color code used to capture the colors, resolution and a whole lot of other technical stuff.

It's not dirty in that it is highly technical as related to the image (and if you want to track someone for any reason who is on vacation and posting images to Facebook every hour, easy to do by looking at this information).

Problem is that there is something in all that meta data that has a tendency to raise the SMF security flag and the easiest way to upload the image with that issue is to remove the meta data, the overhead.

The most recent version of SMF is 2.0.12 and the forum is using 2.0.11. The forum is working on getting the latest version installed. We are hoping SMF has resolved the security issue.

If the security issue is fixed and any photo can be uploaded by members, just keep in mind that all of that information will be attached to photos unless stripped before posting. Whether or not that is important to the posting member, it is up to the member. The way to get around that is to use an older camera, one that does not have GPS or a lot of the other data or strip the meta data off of images using whatever method the member decides to use. That's how to get rid of it in a nutshell.

So, that's when, where, why and how the who information is attached to images.

AE_Collector

Too bad the photo upload thing on the forum didn't gave an option that admin could set to automatically downsize pictures to a reasonable size AND strip the meta data while uploading pictures.

Terry

unbeldi

Quote from: AE_Collector on December 29, 2016, 01:50:17 PM
Too bad the photo upload thing on the forum didn't gave an option that admin could set to automatically downsize pictures to a reasonable size AND strip the meta data while uploading pictures.

Terry

The admin interface does actually have a configuration option to remove metadata.  But it is a bad idea to implement it at that global level, I believe, because it would strip such information even when it is needed.  It is needed, for example, in animated gif images.  The animation information is stored as metadata and the intended effect would be destroyed, perhaps even make the image useless if the first "slice" is for effect only.

TelePlay

I haven't seen any post about this problem since I posted about BatchPurifier-Lite.

Anyone using it and if so, how do you like its simple use?

I discovered that right clicking on an image gives me the option under "Send to" to send the image directly to BatchPurifier-Lite (BPL) which eliminated the steps of opening BPL and adding the image. BPL came up with the image selected and the jpg box on the next screen selected so only had to do 2 things, select the desktop for the cleaned image and click to clean.

Could probably clean an image using tha methods in less than 10 seconds.

Anyone else try this program and if so, what did you think of it to resolve the security issue or clean sensitive meta data?

Jack Ryan

I seem to spend a lot of time asking people to add metadata to shared files.

Removing it is counter-productive. It seems to me that the problem should be addressed.

Why would anyone scan a compressed binary file for the signature of malware? It's almost like looking for something wet in a puddle.

But that's just me.

Jack

TelePlay

Quote from: Jack Ryan on January 01, 2017, 08:18:13 PM
I seem to spend a lot of time asking people to add metadata to shared files.

Removing it is counter-productive. It seems to me that the problem should be addressed.

Why would anyone scan a compressed binary file for the signature of malware? It's almost like looking for something wet in a puddle.

But that's just me.

Well, no one is asking anyone to do that. Yes, it has it's uses for those who need it for whatever purpose or work they are involved in, as long it is legal use, non-malevolent use of the data. The point was if anyone has an image that does upload for whatever reason, have they tried that program to remove the meta data and then successfully upload the data.

Now, for those who are more conscious of what less than lawful people can get from a photo, iPhones with GPS location turned on will insert the longitude and latitude into the meta data, include the address closest to that point, the time and date that image was take, the direction the camera was facing and a google satellite map of the image creation locations.

Now, many members don't have to worry about their possessions or safety but I live in a metropolitan area that has a dangerous city at its center that just recorded 153 homicides for 2016 and already 1 in 2017. Doesn't seem like much but we have the 5th highest rate of violent crimes per capita and the 10th highest murder rate per capita in the US. I can speak only for myself but I prefer to keep my personal data, my location and my belongings private.

So, while the only intent was to help people fix one photo that for some reason can not be uploaded, it was not implied that all photos be stripped of meta data unless, of course, the poster of the picture prefers to avoid that data getting into the wrong hands.

I'm just looking for those who needed to fix an image and used BPL to do so, and to find out how it worked for them. After all of the posts I and others have done over and over to answers complaints about an issue we have no control over (we don't write code for SMF and don't have a direct line to their code writers) and finally finding a easy solution when the problem pops up for one or maybe two images, I find it refreshing to have a work around rather than have to post and post and post and post again about what we think is the reason and the multiple ways that some have found and suggested to maybe get around the problem and might not work. Problems that can now be fixed easily by the least knowledgeable computer code and/or software end user person.

Maybe, if I have the time, I will try using BPL with each of the jpg options offered in BPL to see what part or section of the meta data is found to be offensive by SMF code.

I don't strip meta data unless I end up with an image I can't load. I'm sure others do the same thing, don't think about meta data until they can't upload an image and then either fix it or complain about publicly. There has been so much written on the forum about this, it's just such a relief to say do this, have it work, and stop explaining and posing possible fixes.

Enough, off my soap box . . .


Doug Rose

I find when it happens to me, if I change the picture in the slightest way, ex tiny crop more, it will go through....Doug
Kidphone