Pornhub Launches Bug Bounty Program With Rewards Up To $25,000 (techweekeurope.co.uk)

Mickeycaskill quotes a report from TechWeekEurope UK: Pornhub is launching a bug bounty program for security researchers and pornography enthusiasts who are able to identify flaws on its platform. Hunters will be paid a minimum of $50 for each vulnerability discovered, with up to $25,000 on offer for particularly vicious flaws, although the site notes that 23 reports have already been resolved. Successful applicants to the scheme will need to be the first person to responsibly disclose an unknown issue, which the Pornhub security team has 30 days to respond to, and up to 90 days to implement a fix based on the severity of the report. However, there are some restrictions, such as users not being allowed to carry out Denial of Service (DDoS) attacks on Pornhub, or even carry out physical attacks on the company's offices or data centers. Social engineering tactics are also not allowed, such as phishing attacks against Pornhub employees, and researchers are not allowed to compromise user accounts.

13 of 77 comments

  1. Cash, sure ... by daveime · · Score: 2

    ... but not something you're going to be able to put on your CV, not justify with the wife ... "I'm not browsing porn, I'm doing security research!"

    1. Re:Cash, sure ... by Anonymous Coward · · Score: 5, Funny

      "It was just a penetration test, I swear! I used protection!"

    2. Re:Cash, sure ... by Anonymous Coward · · Score: 3, Informative

      Pornhub is owned by a media conglomerate with a pretty unoffensive name. Regardless, working as a dev / pentest (yea, haha) for a porn site/application is not ill received in the industry. It's not as glorious as being an SDE for a big 4 but many of those sites have interesting scalability issues and other interesting problem spaces. From all of my reading (mostly on /r/cscareerquestions) it seems like working for one of these companies is perfectly acceptable and the office environment is very similar to any other.

    3. Re: Cash, sure ... by drew_kime · · Score: 4, Interesting

      I have a relative who worked for a porn site. He focused on cross-browser JavaScript performance and security. He said the porn sites are a couple of years ahead of most online banking sites, and respond to updates and vulnerabilities much faster.

      --
      Nope, no sig
  2. Obvious Restrictions by mentil · · Score: 4, Insightful

However, there are some restrictions, such as users not being allowed to carry out Denial of Service (DDoS) attacks on Pornhub, or even carry out physical attacks on the company's offices or data centers. Social engineering tactics are also not allowed, such as phishing attacks against Pornhub employees, and researchers are not allowed to compromise user accounts.

    This should be obvious, as it's a BUG bounty. That is, the point is to find and fix bugs in computer code, not to recite a Security 101 list of potential attack vectors. However, given that pen testers use social engineering, and probably some try to sneak into offices to test physical security, it makes sense to clarify that it's bugs only and not full pen testing. DDoS isn't even really fixable, just mitigatable.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
  3. Re:No, they are connoisseurs by lister+king+of+smeg · · Score: 2

    ... They are perverts ...

    Au contraire, they are connoisseurs of the art of eroticism

    tomayto, tomahto

    --
    ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
  4. Re:Porn bugs? by tinkerton · · Score: 2

    I'm not going to click on that link but fer shure someone had to verify if rule 34 applied..

  5. Why does Pornhub look for bugs? by Rosco+P.+Coltrane · · Score: 2

    Too many pornstars have crabs?

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  6. Oh no! by hcs_$reboot · · Score: 2

    Really didn't want to go there, but if it's for a good cause, bug hunting....

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  7. Slashvertisement by Anonymous Coward · · Score: 2, Funny

    Do you love cracks and want to penetrate deep using the right vulnerabilities? Are you the brute force type? Can you pull the right string to let you inject what you want inside? Have you ever hit it with so much in the right spot that it just burst and overflowed, opening wider and letting you do whatever you wanted to it? If so, then Pornhub is the place for you to come and practice your skills.

  8. Pornography enthusiasts? by rnturn · · Score: 2

    Thanks for that. I needed a good laugh to start the day.

    --
    CUR ALLOC 20195.....5804M
  9. Re:Ladies and Gentlemen ... it's an AD CAMPAIGN by 110010001000 · · Score: 3, Funny

    Slashdot is declining too. Yet I visit every day!

  10. All Joking aside by backwardsposter · · Score: 3, Insightful

    Good for them