Archive for the ‘Porn’ Category

Threats Against Democracy – Try Threats Against “Innocent” Users

Monday, August 1st, 2016

After posting about truth telling being a threat to democracy, in the eyes of some, I encountered: Facebook Phishing Scam Using Pornographic Images to Steal Login Data, which reads in part:

There is no way to stop cyber criminals from stealing login credentials of innocent social media users — Recently, one of the HackRead’s writers found a Facebook phishing scam targeting users and stealing their login data. What makes this phishing scam dangerous is the fact that apparently non of the phishing filters have detected any wrongdoing with the links used in this campaign.

Cyber criminals behind this scam have three motives one is to steal users’ login credentials, the second is to get some likes on their Facebook page and third is to profit financially. It starts with scammers posting a link in the comments section of several Facebook groups with a large thumbnail of a nude girl but to make it look like a legit link scammers also mention that video already got hundreds of comments, shares plus thousands of views. The description on the link goes something like this ”groups teen-girl-japannese-18-[retracted]–010 Click HERE to view video recorded 2.381 Likes, 749 Comments, 9.185 Views, 571 Share.”

Now there’s a serious security issue!

Taking advantage of users who are surfing Facebook for porn.

Talk about fishing (sorry) in the shallow end of the security pool.

Hard to say what other access could be leveraged using Facebook logins of such users.

Nuclear launch computers, remote admin at NSA, White House switchboard, free pizza line at Papa Johns. I take that back, Papa Johns probably has better OpSec than the others I mentioned. (That’s sarcasm for all the literalists in the crowd.)

Phishing With Pornography would make a great book title but I don’t know what sort of animal(s) should go on the cover. (Something from National Lampoon perhaps?)


PS: If you think this indicates I have little sympathy for victims of pornography-based phishing schemes, take a point for your house.

PornHub Payday! $20,000!

Monday, July 25th, 2016

PornHub Pays Hackers $20,000 to Find Zero-day Flaws in its Website by Wang Wei.

From the post:

Cyber attacks get bigger, smarter, more damaging.

PornHub launched its bug bounty program two months ago to encourage hackers and bug bounty hunters to find and responsibly report flaws in its services and get rewarded.

Now, it turns out that the world’s most popular pornography site has paid its first bounty payout. But how much?

US $20,000!

Not every day that a porn site pays users!

While PHP has fixed the issue, be mindful there are plenty of unpatched versions of PHP in the wild.

Details of this attack can be found at: How we broke PHP, hacked Pornhub and earned $20,000 and Fuzzing Unserialize.

Any estimate of how many non-patched PHP installations are on sites ending in .gov or .com?

107,000 Anal Fisting Aficionados But No Senate Torture Report

Thursday, May 12th, 2016

Huge embarrassment over fisting site data breach by John Leyden.

From the post:

A data breach at a forum for “anal fisting” has resulted in the exposure of 107,000 accounts.

Of course, ‘;–have i been pwned? plays the “I know something you don’t” game, loads the data but blocks searching.

I didn’t look hard for the data dump but for details sufficient to replicate this hack, see:

Another Day, Another Hack: Is Your Fisting Site Updating Its Forum Software? by Joseph Cox.

Quick search shows there are about 15K reports (including duplicates) on exposure of these 107,000 anal fisting aficionados.

It’s mildly amusing to think of the reactions of elected officials, military officers, etc., caught up in such data breach (sorry) but where is the full U.S. Senate Torture Report?

If you are going to risk jail time for hacking, shouldn’t it be for something more lasting than a list of anal fisters?

Is there a forum for nominating and voting on (anonymously) targets for hacking?

PS: Leaking data to ‘;–have i been pwned?, the International Consortium of Investigative Journalists or Wikileaks, etc., only empowers new exercises of privilege. Leak to them if you like but leak to the public as well.

Hunting Bugs In Porn Site (or How to Explain Your Browsing History)

Wednesday, May 11th, 2016

Pornhub Launches Bug Bounty Program; Offering Reward up to $25,000 by Swati Khandelwal.

From the post:

The world’s most popular pornography site PornHub has launched a bug bounty program for security researchers and bug hunters who can find and report security vulnerabilities in its website.

Partnered with HackerOne, PornHub is offering to pay independent security researchers and bug hunters between $50 and $25,000, depending upon the impact of vulnerabilities they find. (emphasis in the original)

As always, there are some exclusions:

Vulnerabilities such as cross-site request forgery (CSRF), information disclosure, cross domain leakage, XSS attacks via Post requests, HTTPS related (such as HSTS), HttpOnly and Secure cookie flags, missing SPF records and session timeout will not be considered for the bounty program.

I take “information disclosure” to mean that if your hack involves NSA credentials it doesn’t count. Well, you can’t make it too easy.

The program is in beta so see Swati’s post for further details.

This PornHub program benefits people asked awkward questions about their browsing history.

Yes, you were looking at PornHub or related sites. You were doing “security research.”

Being in HR or accounting may make that claim less credible. 😉

Applauding The Ends, Not The Means

Friday, August 15th, 2014

Microsoft scans email for child abuse images, leads to arrest‏ by Lisa Vaas.

From the post:

It’s not just Google.

Microsoft is also scanning for child-abuse images.

A recent tip-off from Microsoft to the National Center for Missing & Exploited Children (NCMEC) hotline led to the arrest on 31 July 2014 of a 20-year-old Pennsylvanian man in the US.

According to the affidavit of probable cause, posted on Smoking Gun, Tyler James Hoffman has been charged with receiving and sharing child-abuse images.

Shades of the days when Kodak would censor film submitted for development.

Lisa reviews the PhotoDNA techniques used by Microsoft and concludes:

The recent successes of PhotoDNA in leading both Microsoft and Google to ferret out child predators is a tribute to Microsoft’s development efforts in coming up with a good tool in the fight against child abuse.

In this particular instance, given this particular use of hash identifiers, it sounds as though those innocent of this particular type of crime have nothing to fear from automated email scanning.

No sane person supports child abuse so the outcome of the case doesn’t bother me.

However, the use of PhotoDNA isn’t limited to photos of abused children. The same technique could be applied to photos of police officers abusing protesters (wonder where you would find those?), etc.

Before anyone applauds Microsoft for taking the role of censor (in the Roman sense), remember that corporate policies change. The goals of email scanning may not be so agreeable tomorrow.

Sex and Big Data

Tuesday, February 4th, 2014

Sex and Big Data

A project to bring big data techniques to sexuality.


XHamster – approximately 800,000 entries.

Xnxx – approximately 1,200,000 entries.

I may have just missed it but you would expect a set of records from the porn videos on YouTube and Reddit. To say nothing of UseNet in the alt-sex-* groups.

Maybe I should post a note to the NSA. I am sure they have already cleaned and reconciled the data. Maybe they will post it as a public service. 😉


Saturday, February 1st, 2014


PornGram is an n-gram program that plots the evolution of word frequencies in almost 800,000 porn video titles from 2008 – 2012.

It will display random pairs of words or you can enter words separated by a comma.

It’s too bad that speech recognition isn’t good enough (I suppose) to transcript 800,000 porn videos. 😉

I first saw this in a tweet by Gregory Piatetsky

Porn capital of the porn nation

Sunday, January 12th, 2014

Porn capital of the porn nation by Gianluca Baio.

From the post:

The other day I was having a quick look to the newspapers and I stumbled on this article. Apparently, Pornhub (a website whose mission should be pretty clear) have analysed the data on their customers and found out that the town of Ware (Hertfordshire) has more demand for online porn than any other UK town. According to PornHub, a Ware resident will last 10 minutes 37 seconds (637 seconds) on its adult website, compared with the world average time of 8 minutes 56 seconds (just 536 seconds).

Gianluca walks you through data available from the Guardian with R, so you can reach your own conclusions.

I need to install Tableau Public before I can download the data set. Will update this post tomorrow.



I installed Tableau Public on a Windows XP VM and then downloaded the data file. Turns out with the public version of Tableau there is no open local file option but if you double-click on the file, it will load and open.

Amusing but limited data set. Top five searches, etc.

The Porn Hub Stats page has other reports from the Porn Hub stats crew.

No data downloads for stats, tags, etc., although I did post a message to them asking about that sort of data.

I have just started playing with it but Tableau appears to be a really nice data visualization tool.

Deep Inside: A Study of 10,000 Porn Stars and Their Careers

Saturday, February 16th, 2013

Deep Inside: A Study of 10,000 Porn Stars and Their Careers by Jon Millward.

From the post:

For the first time, a massive data set of 10,000 porn stars has been extracted from the world’s largest database of adult films and performers. I’ve spent the last six months analyzing it to discover the truth about what the average performer looks like, what they do on film, and how their role has evolved over the last forty years.

I can now name the day when I became aware of the Internet Adult Film Database, today!

When you get through grinning, go take a look at the post. This is serious data analysis.

Complete with an idealized porn star face composite from the most popular porn stars.

Improve your trivia skills: What two states in the United States have one porn star each in the Internet Adult Film Database? (Jon has a map of the U.S. with distribution of porn stars.)

A full report with more details about the analysis is forthcoming.

I first saw this at Porn star demographics by Nathan Yau.