Pornhub Launches Bug Bounty Program With Rewards Up To $25,000 (techweekeurope.co.uk)

← Back to Stories (view on slashdot.org)

Pornhub Launches Bug Bounty Program With Rewards Up To $25,000 (techweekeurope.co.uk)

Posted by BeauHD on Wednesday May 11, 2016 @07:00PM from the 18-years-of-age-or-older dept.

Mickeycaskill quotes a report from TechWeekEurope UK: Pornhub is launching a bug bounty program for security researchers and pornography enthusiasts who are able to identify flaws on its platform. Hunters will be paid a minimum of $50 for each vulnerability discovered, with up to $25,000 on offer for particularly vicious flaws, although the site notes that 23 reports have already been resolved. Successful applicants to the scheme will need to be the first person to responsibly disclose an unknown issue, which the Pornhub security team has 30 days to respond to, and up to 90 days to implement a fix base on the severity of the report. However there are some restrictions, such as users not being allowed to carry out Denial of Service (DDoS) attacks on Pornhub, or even carry out physical attacks on the company's offices or data centers. Social engineering tactics are also not allowed, such as phishing attacks against Pornhub employees, and researchers are not allowed to compromise user accounts.

77 comments

Min score:

Reason:

Sort:

Porn DDOS by Anonymous Coward · 2016-05-11 19:08 · Score: 0, Offtopic

Is that locking yourself in a room with porn and not coming out until someone discovers you died of a heart attack mid erm clip?
That's not the kind of back door ... by Anonymous Coward · 2016-05-11 19:22 · Score: 1

... I was looking for.
1. Re:That's not the kind of back door ... by Bob_Who · 2016-05-13 15:56 · Score: 1
  
  ... I was looking for.
  Yes, but at Pornhub they are always interested in finding and exploiting a new "hole"
Cash, sure ... by daveime · 2016-05-11 19:29 · Score: 2

... but not something you're going to be able to put on your CV, not justify with the wife ... "I'm not browsing porn, I'm doing security research!"
1. Re:Cash, sure ... by Anonymous Coward · 2016-05-11 19:43 · Score: 5, Funny
  
  "It was just a penetration test, I swear! I used protection!"
2. Re:Cash, sure ... by Anonymous Coward · 2016-05-11 23:31 · Score: 0
  
  That's the same bullshit you said before you uploaded a virus into me! HE LIES!
3. Re: Cash, sure ... by Anonymous Coward · 2016-05-12 00:26 · Score: 0
  
  You just have to use alias names like Dick Overflow or Virginia Scanlan.
4. Re:Cash, sure ... by MightyDrunken · 2016-05-12 00:43 · Score: 1
  
  "It was just a penetration test, I swear! I used protection!"
  I hope you got consent for that
  
  --
  The most dangerous drug
5. Re:Cash, sure ... by Anonymous Coward · 2016-05-12 00:49 · Score: 3, Informative
  
  Pornhub is owned by a media conglomerate with a pretty unoffensive name. Regardless, working as a dev / pentest (yea, haha) for a porn site/application is not ill received in the industry. It's not as glorious as being an SDE for a big 4 but many of those sites have interesting scalability issues and other interesting problem spaces. From all of my reading (mostly on /r/cscareerquestions) it seems like working for one of these companies is perfectly acceptable and the office environment is very similar to any other.
6. Re: Cash, sure ... by drew_kime · 2016-05-12 02:33 · Score: 4, Interesting
  
  I have a relative who worked for a porn site. He focused on cross-browser JavaScript performance and security. He said the porn sites are a couple of years ahead of most online banking sites, and respond to updates and vulnerabilities much faster.
  
  --
  Nope, no sig
7. Re: Cash, sure ... by Anonymous Coward · 2016-05-12 07:25 · Score: 0
  
  Banks almost never lose their money (Bangladesh excepted) so they don't give a shit. Same reason why we're not getting chip&pin in the US.
8. Re: Cash, sure ... by Anonymous Coward · 2016-05-13 03:56 · Score: 0
  
  I live in the the US and have chip&pin for almost a year now. Maybe your town is too poor.
In other news: Network security in steep decline by Anonymous Coward · 2016-05-11 19:30 · Score: 0

...as security researchers spend more time "researching" the PornHub web site.
bad joke by Anonymous Coward · 2016-05-11 19:39 · Score: 1

Looking for holes in a porn site...
1. Re:bad joke by Anonymous Coward · 2016-05-11 20:04 · Score: 1
  
  I bet it's easy to find backdoor access there.
Eh.. by bytesex · 2016-05-11 19:56 · Score: 1

'pornography enthusiasts' - really?

--
Religion is what happens when nature strikes and groupthink goes wrong.
1. Re:Eh.. by Anonymous Coward · 2016-05-11 23:37 · Score: 0
  
  yeah, really. Sometimes I just throw on a porno for background noise just like you would netflix an episode of supernatural. Not everyone has an uncontrollable urge to spontaneously masturbate whenever a nude person or persons are around. your Pilgrim is hangin out. You should probably put that away!
I swear by Anonymous Coward · 2016-05-11 19:57 · Score: 0

I wasn't looking at porn. I was doing (security) research.
Captcha: clitoris
No, they are connoisseurs by Anonymous Coward · 2016-05-11 20:04 · Score: 1

... They are perverts ...

Au contraire, they are connoisseurs of the art of eroticism
1. Re:No, they are connoisseurs by lister+king+of+smeg · 2016-05-11 21:01 · Score: 2
  
  ... They are perverts ...
  Au contraire, they are connoisseurs of the art of eroticism
  tomayto, tomahto
  
  --
  ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
Ladies and Gentlemen ... it's an AD CAMPAIGN by Taco+Cowboy · 2016-05-11 20:10 · Score: 1

The so-called '$25,000 reward is but a distraction, an excuse, a honey pot
Face it, the online porn industry is declining --- the number of paying customer is not increasing and at the same time, new competitors arrive at the scene all the time
They need new blood, they need new audiences, they need new source of income
If I were to go to the porn site my missus would have killed me, but if I tell her that I may make some money finding bugs, missue might grant me that essential 'visa' to have a 'go' with it

--
Muchas Gracias, Señor Edward Snowden !
1. Re: Ladies and Gentlemen ... it's an AD CAMPAIGN by Anonymous Coward · 2016-05-11 23:36 · Score: 0
  
  Far from declining it is getting bigger
2. Re: Ladies and Gentlemen ... it's an AD CAMPAIGN by Anonymous Coward · 2016-05-12 00:01 · Score: 0
  
  Use your phone. House wifi for data. Turn mobile browser to private mode. Wank in the toilet. No one is the wiser. Headphones for sound. Who asks what noises person makes in the loo or challenges that time?
3. Re: Ladies and Gentlemen ... it's an AD CAMPAIGN by Anonymous Coward · 2016-05-12 00:16 · Score: 0
  
  That's not what she said...
4. Re:Ladies and Gentlemen ... it's an AD CAMPAIGN by 110010001000 · 2016-05-12 01:00 · Score: 3, Funny
  
  Slashdot is declining too. Yet I visit every day!
Obvious Restrictions by mentil · 2016-05-11 20:27 · Score: 4, Insightful

However there are some restrictions, such as users not being allowed to carry out Denial of Service (DDoS) attacks on Pornhub, or even carry out physical attacks on the company's offices or data centers. Social engineering tactics are also not allowed, such as phishing attacks against Pornhub employees, and researchers are not allowed to compromise user accounts.
This should be obvious, as it's a BUG bounty. That is, the point is to find and fix bugs in computer code, not to recite a Security 101 list of potential attack vectors. However, given that pen testers use social engineering, and probably some try to sneak into offices to test physical security, it makes sense to clarify that it's bugs only and not full pen testing. DDoS isn't even really fixable, just mitigatable.

--
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
1. Re:Obvious Restrictions by abies · 2016-05-11 23:03 · Score: 1
  
  [...]that it's bugs only and not full pen testing.
  
  You mean that PornHub got cold feet and opted for 'no full penetration'? Site looked a lot more emancipated by first looks...
2. Re:Obvious Restrictions by Anonymous Coward · 2016-05-12 00:11 · Score: 0
  
  Social engineering attacks ought to be included, they may want to know who to fire and who to 'educate' a bit.
I can imagine the conversations... by Anonymous Coward · 2016-05-11 20:30 · Score: 0

"But it's for work, honey... honest!"
Sorry boss... by Anonymous Coward · 2016-05-11 20:44 · Score: 0

I can't make the next meeting because I'm "busy" looking for "bugs" on a prospective client... close the door on your way out?
Porn bugs? by Edis+Krad · 2016-05-11 20:44 · Score: 0

Ewwwww!
1. Re:Porn bugs? by tinkerton · 2016-05-11 21:03 · Score: 2
  
  I'm not going to click on that link but fer shure someone had to verify if rule 34 applied..
What's up next? by tweissin · 2016-05-11 21:07 · Score: 1

Do you think they're planning on rolling out a big change soon and doing this will provide greater user trust? Also maybe they are desperate for good pen testers because it's probably hard to attract the cream of the crop there.
Why does Pornhub look for bugs? by Rosco+P.+Coltrane · 2016-05-11 21:08 · Score: 2

Too many pornstars have crabs?

--
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
1. Re:Why does Pornhub look for bugs? by Anonymous Coward · 2016-05-12 02:59 · Score: 0
  
  Where would they live?!
That sum... by Anonymous Coward · 2016-05-11 21:15 · Score: 0

Pornhub Launches Bug Bounty Program With Rewards Up To $25,000
I'd have expected the max amount to be more like $69.000 ...
Oh no! by hcs_$reboot · 2016-05-11 21:16 · Score: 2

Really didn't want to go there, but if it's for a good cause, bug hunting....

--
Slashdot, fix the reply notifications... You won't get away with it...
Slashvertisement by Anonymous Coward · 2016-05-11 22:03 · Score: 2, Funny

Do you love cracks and want to penetrate deep using the right vulnerabilities? Are you the brute force type? Can you pull the right string to let you inject what you want inside? Have you ever hit it with so much in the right spot that it just burst and overflowed, opening wider and letting you do whatever you wanted to it? If so, then Pornhub is the place for you to come and practice your skills.
1. Re:Slashvertisement by Locke2005 · 2016-05-12 03:39 · Score: 1
  
  Know how to use a trojan and not afraid of viruses? Come to pornhub!
  
  --
  I've abandoned my search for truth; now I'm just looking for some useful delusions.
Did someone launch a pornhub joejob on April 1? by damn_registrars · 2016-05-11 23:20 · Score: 1

I don't know if anyone else saw this but on April 1 of this year one of my email addresses faced a constant deluge of identical offers for a free 24 hour membership to pornhub. IIRC the one address that was getting hit by it saw over 100 identical emails of that offer in one day.

--
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
1. Re:Did someone launch a pornhub joejob on April 1? by Locke2005 · 2016-05-12 03:38 · Score: 1
  
  Sure, that's what you told your wife, anyway... "How did they get my email address?!? I've never even been to that website!" Truth is, they send you one email for each time you visited that day...
  
  --
  I've abandoned my search for truth; now I'm just looking for some useful delusions.
In-kind payments by swb · 2016-05-11 23:26 · Score: 1

I'm surprised the bounty isn't a chance to make a personal video with some kind of on-screen talent. It might attract more motivated participants.
But then again, it may cost them more than $25k to get talent to agree to shag a beardy programmer.
1. Re:In-kind payments by Locke2005 · 2016-05-12 03:36 · Score: 1
  
  Where you gonna find "on-screen talent" that's willing to sleep with a nerd? There are some things that people won't do for any amount of money!
  
  --
  I've abandoned my search for truth; now I'm just looking for some useful delusions.
2. Re:In-kind payments by swb · 2016-05-12 04:15 · Score: 1
  
  It's a question of tradeoffs. I mean, they find people who will willingly(?) let Rocco Siffridi jack them up the ass for 30 minutes.
  A nerd may be ugly, but they won't be hung like a horse or have more than 2 minutes endurance, and you can close your eyes or turn around and not look at them.
  Those 30 minutes with Rocco won't get easier with your eyes closed.
Re: Did someone launch a pornhub joejob on April 1 by Anonymous Coward · 2016-05-12 00:23 · Score: 1

That offer was only sent to regular site visitors.
Has to be said by Bruce66423 · 2016-05-12 00:32 · Score: 1

As this exercise may draw attention from a wider clientèle than the normal bug hunters.
There's a joke in there somewhere...
1. Re:Has to be said by Ol+Olsoc · 2016-05-12 00:59 · Score: 1
  
  As this exercise may draw attention from a wider clientèle than the normal bug hunters.
  There's a joke in there somewhere...
  Crotch crickets?
  
  --
  The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Pornography enthusiasts? by rnturn · 2016-05-12 00:34 · Score: 2

Thanks for that. I needed a good laugh to start the day.

--
CUR ALLOC 20195.....5804M
Oh sure by GeekWithAKnife · 2016-05-12 00:47 · Score: 1

Security researcher Tom will definitely not carry out any DDoS attacks, or social engineering attacks or phishing attacks etc. non no none of those. That was something those other researchers did, Dick and Harry.

--
A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
About to start my research by Anonymous Coward · 2016-05-12 00:48 · Score: 0

Just after one more porn...
All Joking aside by backwardsposter · 2016-05-12 01:27 · Score: 3, Insightful

Good for them
Re: Did someone launch a pornhub joejob on April 1 by damn_registrars · 2016-05-12 01:55 · Score: 1

You could have made a better joke of it than that, couldn't you?

--
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Re:pornography enthusiasts by Friggo · 2016-05-12 02:14 · Score: 1

I believe you should look up the definition of the word pervert before you label people.
Self Explanatory by Nyghtfall · 2016-05-12 02:45 · Score: 1

So, the company is trying to determine if the porn industry is susceptible to viruses? $50 minimum and chance to get the Clap - sounds like a deleted scene from Hangovers
User Accounts by Anonymous Coward · 2016-05-12 02:49 · Score: 0

Who makes a user account for a porn site? To what purpose?
1. Re:User Accounts by Locke2005 · 2016-05-12 03:35 · Score: 1
  
  Who PAYS for porn?!?
  
  --
  I've abandoned my search for truth; now I'm just looking for some useful delusions.
Re:pornography enthusiasts by Nyghtfall · 2016-05-12 02:58 · Score: 1

I can see the resume: I am involved with the church handbell choir, I serve as a counselor for under privileged kids, and I spend hours every day surfing PornHub for security flaws. So when would you like for me to babysit for you?
Stock Rise by Nyghtfall · 2016-05-12 03:01 · Score: 1

In other news: Jergens stock price tripled overnight as the demand for their hand lotion has lead to a new shortage. The experts are baffled as to what has led to the meteoric rise.
Happens every time by Locke2005 · 2016-05-12 03:34 · Score: 1

My wife looks at my browser history and asks, "Honey, what were you doing on PornHub?"
"Researching security flaws, of course, my darling!"

--
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Oops! by Locke2005 · 2016-05-12 03:41 · Score: 1

Did we say "bug bounty"? Sorry, we meant to say "big booty"! Join our big booty program, starting today!

--
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Re:pornography enthusiasts by Anonymous Coward · 2016-05-12 03:51 · Score: 1

Don't be so hard on yourself. (nyuk).
Seriously though if you're that anti, it's probably because you're a creepin' Jesus. And that's way, way worse.
Re:No one cares by Anonymous Coward · 2016-05-12 04:08 · Score: 0

Next time, don't post. Just fuck the hell off. Thanks bud.
Enthusiasts? Is that what they are calling it now? by UnknownSoldier · 2016-05-12 04:18 · Score: 1

> pornography enthusiasts
I was going to ask "Are there any other kinds?" but then I remembered the fundamentalists who hate it.
/Oblg. Internet is for porn
Re: Did someone launch a pornhub joejob on April 1 by Anonymous Coward · 2016-05-12 04:20 · Score: 0

Nope.
Interesting by sootman · 2016-05-12 06:39 · Score: 1

I wanted to find out more about the bug bounty program, so I went to pornhub.com but then I, uh, got distracted. That was 6 hours ago.

--
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Wrong focus by Anonymous Coward · 2016-05-12 06:39 · Score: 0

They should start with cleaning up their advertisers and not allowing malicious, "OMG! UR tablet is fullz of viruzes - click here before your system reboots itself to fixes them!" style ads, for starters.
1. Re:Wrong focus by Anonymous Coward · 2016-05-15 00:38 · Score: 0
  
  Non-porn websites refuse to clean up the ads they display, why should Pornhub be any different?
Re:Enthusiasts? Is that what they are calling it n by Livius · 2016-05-12 08:58 · Score: 1

They simply have a different kind of enthusiasm. How else are they going to get their fix of narcissistic self-righteousness?
Resume Entry by luis_a_espinal · 2016-05-12 09:02 · Score: 1

Pornhub is launching a bug bounty program for security researchers and pornography enthusiasts who are able to identify flaws on its platform.
Experienced with variable-load, multi-pronged penetration testing for detection (and plugging) of open ports with multiple penetration vectors. How would that sound? Because I don't know how I could keep a straight face if someone asks me about participation in such a program in an interview. Call me childish, but I would just smile like this at the interviewer : https://s-media-cache-ak0.pini...
Re: Did you just say Pornhub .. by tetraverse · 2016-05-12 10:45 · Score: 1

Your anonymous asshole is duly noted !