
Pornhub Launches Bug Bounty Program With Rewards Up To $25,000 (techweekeurope.co.uk) 77

Mickeycaskill quotes a report from TechWeekEurope UK: Pornhub is launching a bug bounty program for security researchers and pornography enthusiasts who are able to identify flaws on its platform. Hunters will be paid a minimum of $50 for each vulnerability discovered, with up to $25,000 on offer for particularly vicious flaws, although the site notes that 23 reports have already been resolved. Successful applicants to the scheme will need to be the first person to responsibly disclose an unknown issue, which the Pornhub security team has 30 days to respond to, and up to 90 days to implement a fix based on the severity of the report. However there are some restrictions, such as users not being allowed to carry out Denial of Service (DDoS) attacks on Pornhub, or even carry out physical attacks on the company's offices or data centers. Social engineering tactics are also not allowed, such as phishing attacks against Pornhub employees, and researchers are not allowed to compromise user accounts.
  • by Anonymous Coward
    ... I was looking for.
    • by Bob_Who ( 926234 )

      ... I was looking for.

      Yes, but at Pornhub they are always interested in finding and exploiting a new "hole"

  • by daveime ( 1253762 ) on Thursday May 12, 2016 @03:29AM (#52096565)
    ... but not something you're going to be able to put on your CV, not justify with the wife ... "I'm not browsing porn, I'm doing security research!"
    • by Anonymous Coward on Thursday May 12, 2016 @03:43AM (#52096599)

      "It was just a penetration test, I swear! I used protection!"

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Pornhub is owned by a media conglomerate with a pretty unoffensive name. Regardless, working as a dev / pentest (yea, haha) for a porn site/application is not ill received in the industry. It's not as glorious as being an SDE for a big 4 but many of those sites have interesting scalability issues and other interesting problem spaces. From all of my reading (mostly on /r/cscareerquestions) it seems like working for one of these companies is perfectly acceptable and the office environment is very similar t

  • by Anonymous Coward
    Looking for holes in a porn site...
    • by Anonymous Coward

      I bet it's easy to find backdoor access there.

  • 'pornography enthusiasts' - really?

  • by mentil ( 1748130 ) on Thursday May 12, 2016 @04:27AM (#52096683)

    However there are some restrictions, such as users not being allowed to carry out Denial of Service (DDoS) attacks on Pornhub, or even carry out physical attacks on the company's offices or data centers. Social engineering tactics are also not allowed, such as phishing attacks against Pornhub employees, and researchers are not allowed to compromise user accounts.

    This should be obvious, as it's a BUG bounty. That is, the point is to find and fix bugs in computer code, not to recite a Security 101 list of potential attack vectors. However, given that pen testers use social engineering, and probably some try to sneak into offices to test physical security, it makes sense to clarify that it's bugs only and not full pen testing. DDoS isn't even really fixable, just mitigatable.

    • by abies ( 607076 )

      [...]that it's bugs only and not full pen testing.

      You mean that PornHub got cold feet and opted for 'no full penetration'? Site looked a lot more emancipated by first looks...

    • As this exercise may draw attention from a wider clientèle than the normal bug hunters.

      There's a joke in there somewhere...

      • As this exercise may draw attention from a wider clientèle than the normal bug hunters.

        There's a joke in there somewhere...

        Crotch crickets?

  • Ewwwww! [google.co.jp]
  • Do you think they're planning on rolling out a big change soon and doing this will provide greater user trust? Also maybe they are desperate for good pen testers because it's probably hard to attract the cream of the crop there.
  • by Rosco P. Coltrane ( 209368 ) on Thursday May 12, 2016 @05:08AM (#52096777)

    Too many pornstars have crabs?

  • by hcs_$reboot ( 1536101 ) on Thursday May 12, 2016 @05:16AM (#52096805)
    Really didn't want to go there, but if it's for a good cause, bug hunting....
  • by Anonymous Coward

    Do you love cracks and want to penetrate deep using the right vulnerabilities? Are you the brute force type? Can you pull the right string to let you inject what you want inside? Have you ever hit it with so much in the right spot that it just burst and overflowed, opening wider and letting you do whatever you wanted to it? If so, then Pornhub is the place for you to come and practice your skills.

  • I don't know if anyone else saw this but on April 1 of this year one of my email addresses faced a constant deluge of identical offers for a free 24 hour membership to pornhub. IIRC the one address that was getting hit by it saw over 100 identical emails of that offer in one day.
  • I'm surprised the bounty isn't a chance to make a personal video with some kind of on-screen talent. It might attract more motivated participants.

    But then again, it may cost them more than $25k to get talent to agree to shag a beardy programmer.

    • Where you gonna find "on-screen talent" that's willing to sleep with a nerd? There are some things that people won't do for any amount of money!
      • by swb ( 14022 )

        It's a question of tradeoffs. I mean, they find people who will willingly(?) let Rocco Siffridi jack them up the ass for 30 minutes.

        A nerd may be ugly, but they won't be hung like a horse or have more than 2 minutes endurance, and you can close your eyes or turn around and not look at them.

        Those 30 minutes with Rocco won't get easier with your eyes closed.

  • by rnturn ( 11092 ) on Thursday May 12, 2016 @08:34AM (#52097357)

    Thanks for that. I needed a good laugh to start the day.


  • Security researcher Tom will definitely not carry out any DDoS attacks, or social engineering attacks or phishing attacks etc. non no none of those. That was something those other researchers did, Dick and Harry.
  • All Joking aside (Score:3, Insightful)

    by backwardsposter ( 2034404 ) on Thursday May 12, 2016 @09:27AM (#52097613)

    Good for them

  • So, the company is trying to determine if the porn industry is susceptible to viruses? $50 minimum and chance to get the Clap - sounds like a deleted scene from Hangovers
  • In other news: Jergens stock price tripled overnight as the demand for their hand lotion has led to a new shortage. The experts are baffled as to what has led to the meteoric rise.
  • My wife looks at my browser history and asks, "Honey, what were you doing on PornHub?"

    "Researching security flaws, of course, my darling!"

  • Did we say "bug bounty"? Sorry, we meant to say "big booty"! Join our big booty program, starting today!
  • > pornography enthusiasts

    I was going to ask "Are there any other kinds?" but then I remembered the fundamentalists who hate it.

    /Oblg. Internet is for porn [youtube.com]

    • by Livius ( 318358 )

      They simply have a different kind of enthusiasm. How else are they going to get their fix of narcissistic self-righteousness?

  • I wanted to find out more about the bug bounty program, so I went to pornhub.com but then I, uh, got distracted. That was 6 hours ago.

  • Pornhub is launching a bug bounty program for security researchers and pornography enthusiasts who are able to identify flaws on its platform.

    Experienced with variable-load, multi-pronged penetration testing for detection (and plugging) of open ports with multiple penetration vectors. How would that sound? Because I don't know how I could keep a straight face if someone asks me about participation in such a program in an interview. Call me childish, but I would just smile like this at the interviewer : https://s-media-cache-ak0.pini... [pinimg.com]
