News – Paul’s Security Weekly #522

Russians on PornHub, dirty songs on the radio, Windows security protocol vulnerabilities, tomato plant security, and more security news!

Paul’s Stories: Amazon’s Prime Day Won Shopping on Tuesday; Tomato-Plant Security; Dial S for SQLi: Now skiddies can order web attacks via text message; No big deal. You can defeat Kaspersky’s ATM antivirus with a really […]

The post News – Paul’s Security Weekly #522 appeared first on Security Weekly.


Porn sites are giving up on Adobe Flash – and who can blame them?

Motherboard reports:

On Tuesday, porn site Pornhub said it would be ditching all Flash content from its site, opting instead for HTML5, the most recent version of the web language that offers more support for multimedia content. Since hackers have had a number of successes at compromising porn sites, it’s notable that one of the largest is taking this step, albeit when Flash is already on its last legs.

“It was just a matter of time until we switched, as HTML5 is becoming the standard across platforms. Now makes the most sense as Google and Firefox are slowly pushing Flash support out of their browsers. Plus HTML5 has improved security, better power consumption and it’s faster to load,” Corey Price, vice president of Pornhub, told Motherboard in an email.

“All adult sites should make the transition to HTML5. Flash is nearly dead,” he added.

Ahh, la petite mort

It has been a long and lingering death, but when Adobe Flash is finally gone for good, please don’t send any flowers. We’re well rid of it.

If you’re bold enough to still be using the internet with Flash enabled, please enable “Click to Play” at the very least, so that Flash content only runs when you explicitly allow it.

But if you want to enter the brave new Flash-less world, here is our guide on how to uninstall it from your computers.


Happy ending for Pornhub after vulnerability researchers gain access to entire user database

The Register reports:

A trio of hackers have gained remote code execution powers on servers used by adult entertainment outlet Pornhub, using a complex hack that revealed twin zero day flaws in PHP.

Google software intern and security boffin Ruslan Habalov (@evonide) detailed the Return Orientated Programming hack in a detailed debriefing explaining how he and fellow hackers @_cutz and Dario Weißer @haxonaut gained access to the entire Pornhub database including sensitive user information.

Regular readers will recall that earlier this year Pornhub announced its bug bounty program, asking vulnerability researchers to help harden its security.

The researcher threesome rose to the challenge, and earned themselves a tasty US $20,000 from Pornhub for their efforts. The Internet Bug Bounty threw an extra US $2,000 into the mix for the discovery of the PHP zero-day vulnerabilities.

In the wrong hands, vulnerabilities like these could have caused enormous damage to the x-rated website and its many clandestine users, as well as potentially other sites too.

So, a happy ending all round.
