Monday, 20 February 2017

Porn Sites Are Finally Getting the Right Idea on Bug Bounties

Last week free pornography site YouPorn announced its own bug bounty program—where hackers and researchers can disclose vulnerabilities to the website and receive cash payouts.

For some, it may not be immediately obvious why a site that predominantly caters to users who don't pay any money would need such a program. But, porn sites are an attractive target for hackers, and have suffered huge data breaches in the past.

"Researchers are eligible to qualify for a reward if they are the first to responsibly disclose an unknown issue through the site's HackerOne page; YouPorn's security team has 30 days to respond to the report, and up to 90 days to implement a fix based on the severity of the report," YouPorn wrote in a press release last week. HackerOne is a service that streamlines the bug bounty process. Instead of a company having to handle submissions and tracking issues all by itself, HackerOne provides a site to keep it all together.

And the site has already helped other large porn sites fix critical vulnerabilities. In 2016, researchers were able to gain remote code execution on PornHub and earned $20,000. With that, the hackers said they could have obtained the complete database of the site, including all sensitive user information; track user behaviour on the site; leak the source code of PornHub.com; and move further into the company's network. (The researchers didn't actually do any of those things, as they would be outside the scope of the bug bounty programme). In all, PornHub has paid $161,770 worth of bounties at the time of writing.

Some porn sites do fall victim to more malicious hackers, though. Last year, hackers made off with 230,000 user account details from site Team Skeet. Shortly after, a hacker advertised millions of user accounts from Naughty America, a large porn network that consists of over 40 individual sites. A forum for Brazzers users also suffered a data breach, and perhaps most embarrassingly of all, hackers stole data from a site focusing on "extreme anal dilation and anal fisting."

Although long overdue, the uptake of bug bounties on porn sites can only be a good thing for users.



from Porn Sites Are Finally Getting the Right Idea on Bug Bounties

No comments:

Post a Comment