Pornhub Launches Bug Bounty Program With Rewards Up To $25,000 (techweekeurope.co.uk)
Mickeycaskill quotes a report from TechWeekEurope UK: Pornhub is launching a bug bounty program for security researchers and pornography enthusiasts who are able to identify flaws on its platform. Hunters will be paid a minimum of $50 for each vulnerability discovered, with up to $25,000 on offer for particularly vicious flaws, although the site notes that 23 reports have already been resolved. Successful applicants to the scheme will need to be the first person to responsibly disclose an unknown issue, which the Pornhub security team has 30 days to respond to, and up to 90 days to implement a fix based on the severity of the report. However there are some restrictions, such as users not being allowed to carry out Denial of Service (DDoS) attacks on Pornhub, or even carry out physical attacks on the company's offices or data centers. Social engineering tactics are also not allowed, such as phishing attacks against Pornhub employees, and researchers are not allowed to compromise user accounts.
Ladies and Gentlemen ... it's an AD CAMPAIGN (Score:1)
The so-called '$25,000 reward is but a distraction, an excuse, a honey pot
Face it, the online porn industry is declining --- the number of paying customers is not increasing and at the same time, new competitors arrive on the scene all the time
They need new blood, they need new audiences, they need new source of income
If I were to go to the porn site my missus would have killed me, but if I tell her that I may make some money finding bugs, the missus might grant me that essential 'visa' to have a 'go' with it
Re:Ladies and Gentlemen ... it's an AD CAMPAIGN (Score:4, Funny)
That's not the kind of back door ... (Score:1)
Re: (Score:2)
... I was looking for.
Yes, but at Pornhub they are always interested in finding and exploiting a new "hole"
No, they are connoisseurs (Score:1)
Au contraire, they are connoisseurs of the art of eroticism
Re: (Score:3)
Au contraire, they are connoisseurs of the art of eroticism
tomayto, tomahto
Re: (Score:1)
I believe you should look up the definition of the word pervert before you label people.
Re: (Score:1)
Re: (Score:1)
Don't be so hard on yourself. (nyuk).
Seriously though if you're that anti, it's probably because you're a creepin' Jesus. And that's way, way worse.
Cash, sure ... (Score:3)
Re:Cash, sure ... (Score:5, Funny)
"It was just a penetration test, I swear! I used protection!"
Re: (Score:2)
"It was just a penetration test, I swear! I used protection!"
I hope you got consent for that
Re: (Score:3, Informative)
Pornhub is owned by a media conglomerate with a pretty unoffensive name. Regardless, working as a dev / pentest (yea, haha) for a porn site/application is not ill received in the industry. It's not as glorious as being an SDE for a big 4 but many of those sites have interesting scalability issues and other interesting problem spaces. From all of my reading (mostly on /r/cscareerquestions) it seems like working for one of these companies is perfectly acceptable and the office environment is very similar t
Re: Cash, sure ... (Score:5, Interesting)
I have a relative who worked for a porn site. He focused on cross-browser JavaScript performance and security. He said the porn sites are a couple of years ahead of most online banking sites, and respond to updates and vulnerabilities much faster.
bad joke (Score:1)
Re: (Score:1)
I bet it's easy to find backdoor access there.
Eh.. (Score:2)
'pornography enthusiasts' - really?
Re: (Score:1)
Obvious Restrictions (Score:5, Insightful)
However there are some restrictions, such as users not being allowed to carry out Denial of Service (DDoS) attacks on Pornhub, or even carry out physical attacks on the company's offices or data centers. Social engineering tactics are also not allowed, such as phishing attacks against Pornhub employees, and researchers are not allowed to compromise user accounts.
This should be obvious, as it's a BUG bounty. That is, the point is to find and fix bugs in computer code, not to recite a Security 101 list of potential attack vectors. However, given that pen testers use social engineering, and probably some try to sneak into offices to test physical security, it makes sense to clarify that it's bugs only and not full pen testing. DDoS isn't even really fixable, just mitigatable.
Re: (Score:2)
[...]that it's bugs only and not full pen testing.
You mean that PornHub got cold feet and opted for 'no full penetration'? Site looked a lot more emancipated by first looks...
Has to be said (Score:2)
As this exercise may draw attention from a wider clientèle than the normal bug hunters.
There's a joke in there somewhere...
Re: (Score:2)
As this exercise may draw attention from a wider clientèle than the normal bug hunters.
There's a joke in there somewhere...
Crotch crickets?
Porn bugs? (Score:1)
Re: (Score:3)
I'm not going to click on that link but fer shure someone had to verify if rule 34 applied..
What's up next? (Score:1)
Why does Pornhub look for bugs? (Score:3)
Too many pornstars have crabs?
Oh no! (Score:3)
Slashvertisement (Score:2, Funny)
Do you love cracks and want to penetrate deep using the right vulnerabilities? Are you the brute force type? Can you pull the right string to let you inject what you want inside? Have you ever hit it with so much in the right spot that it just burst and overflowed, opening wider and letting you do whatever you wanted to it? If so, then Pornhub is the place for you to come and practice your skills.
Re: (Score:2)
Did someone launch a pornhub joejob on April 1? (Score:2)
Re: Did someone launch a pornhub joejob on April 1 (Score:1)
That offer was only sent to regular site visitors.
Re: (Score:2)
Re: (Score:2)
In-kind payments (Score:2)
I'm surprised the bounty isn't a chance to make a personal video with some kind of on-screen talent. It might attract more motivated participants.
But then again, it may cost them more than $25k to get talent to agree to shag a beardy programmer.
Re: (Score:2)
Re: (Score:2)
It's a question of tradeoffs. I mean, they find people who will willingly(?) let Rocco Siffridi jack them up the ass for 30 minutes.
A nerd may be ugly, but they won't be hung like a horse or have more than 2 minutes endurance, and you can close your eyes or turn around and not look at them.
Those 30 minutes with Rocco won't get easier with your eyes closed.
Pornography enthusiasts? (Score:3)
Thanks for that. I needed a good laugh to start the day.
Oh sure (Score:2)
Security researcher Tom will definitely not carry out any DDoS attacks, or social engineering attacks or phishing attacks etc. non no none of those. That was something those other researchers did, Dick and Harry.
All Joking aside (Score:3, Insightful)
Good for them
Self Explanatory (Score:1)
Re: (Score:2)
Stock Rise (Score:1)
Happens every time (Score:2)
"Researching security flaws, of course, my darling!"
Oops! (Score:2)
Enthusiasts? Is that what they are calling it now? (Score:2)
> pornography enthusiasts
I was going to ask "Are there any other kinds?" but then I remembered the fundamentalists who hate it.
Re: (Score:2)
They simply have a different kind of enthusiasm. How else are they going to get their fix of narcissistic self-righteousness?
Interesting (Score:2)
I wanted to find out more about the bug bounty program, so I went to pornhub.com but then I, uh, got distracted. That was 6 hours ago.
Resume Entry (Score:2)
Pornhub is launching a bug bounty program for security researchers and pornography enthusiasts who are able to identify flaws on its platform.
Experienced with variable-load, multi-pronged penetration testing for detection (and plugging) of open ports with multiple penetration vectors. How would that sound? Because I don't know how I could keep a straight face if someone asks me about participation in such a program in an interview. Call me childish, but I would just smile like this at the interviewer : https://s-media-cache-ak0.pini... [pinimg.com]