Gadget Gestures

Lets Gesture about Gadgets

Tuesday, December 1, 2020
Log in

$25K from Pornhub to Hackers

By Leave a Comment

"$25K from Pornhub to Hackers"

Pornhub to Hackers: Who’s in for $25K?

From Pornhub to hackers: “Who’s in for $25K?”

Tuesday, the popular pornography site Pornhub disclosed a hackers bounty program for site bug hacker hunting. Many jokes come to our mind, but the $25K figure is a money cold bucket of reality.

The site, owned by MindGeek, a Canadian private company, will pay ethical hackers dubbed white hat hackers to find vulnerabilities in their site and report the cracks to the administrators.

This program is being run on HackerOne, a start-up company capitalizing on bug bounty. The company began with Facebook and is now operating similar bug-finding programs for General Motors, Twitter, Dropbox, Yahoo, Uber and, you’ll never guess who else – yes, the United States Department of Defense.

Other security problem detection programs like HackerOne are gaining momentum because they can offer outside help for the internal teams working with code.

Synack and Bugcrowd are two of the companies running this type of programs. They work for sharks like Adobe, Snapchat or Square. Heavyweight tech companies like Microsoft and Google have also turned to bounty programs, but they have used their internal platforms for it.

Following the example of the “major tech players”, Corey Price, the vice president of Pornhub stated that they too want to tap into the existing hacking talent as a measure of precaution. This program would mean an addition to their development and security teams.

The bounty rewards range from $5 to $25.000. To receive the prize, hackers must report and detail the vulnerability with screenshots and code. This reporting should be, of course, disclosed only to the Pornhub admins.

More rules say hackers will not interrupt the porn service of the adult entertainment website, will not use automated tools, and the bug should be reported 24 hours after its discovery.

It would take the security team up to a month to reply and depending on the complexity of the bug, up to three months to fix it.

With 60 million – wait for it – daily visitors, Pornhub is the second most popular pornographic site in the world. Yes, almost 1% of the world is accessing this porn site alone, daily. No wonder they’re taking all the available help there is.

They’ve also been the target of someone’s malware before. An advertising malicious scheme attacked the site in November 2015. They recovered and learned from the mistake.

Now, who’s first to crack, not the porn site, but a joke on this $25K from Pornhub to hackers news?

Image source: Wikimedia 

Backoff Malware Used in Credit Card Breach Spreading Rapidly

By Leave a Comment

alert-beware-pos-malware-backoff-showcase_image-3-a-7276 (1)

The network security company Damballa has just released information claiming that the number of North American computes infected with the “Backoff” malware involved in the massive retail data breach has been rising sharply.

Between August and September, the internet security company noted an increase of 57 percent in Backoff infected devices. This malware software scrapes the computer’s RAM for any leftover credit card data whenever a payment card had been swiped, Brian Foster, Damballa CTO said.

This data stems, Damballa says, from ISP and enterprise customers which have used the traffic analysis products provided by the internet security company to detect any malicious activity. The company also has access to around 55 percent of the internet traffic throughout North America, DNS requests included. Forster noted, however, that for privacy reasons, the IP addresses of most of these computers are unknown to the company.

“We actually attribute the behaviors we see-as well as the domain names and IP addresses that malware is looking up- to threat actors and threat groups” Foster said.

Damballa uses a Hadoop cluster at its headquarters in Atlanta to analyze the DNS requests in question. It then classifies these requests as either good or potentially malicious, depending on the servers being contacted.

“We track a set of domain characteristics and domain names that are related to Backoff, and its looking at the volume of those lookups that shows us the increase.:

Foster added.

Backoff has already caused several retail industries to struggle to contain attacks that have targetted payment card data. Big-name companies such as Home Depot, Target or Dairy Queen have all been Backoff victims. Moreover, the Department of Homeland Security issued a warning in August, saying that as many as 1000 enterprise and small-business networks could already be infected with the malware but not be aware of it.

Damballa has added visibility into the networks of those companies using its services and as such, it enables the security company to warn those possibly infected. For ISP’s using their services, Damballa can issue alerts so that the ISP can announce its customers that they have been infected.

Foster explained that ISP’s have already begun alerting their customers because of a desire to avoid government regulation. Moreover, they want to make sure that their networks perform perfectly, since they offer high-bandwidth entertainment services, Foster said.

“They see security as an enabler for a lot of their other business practices.”

added Foster.