February 22, 2012, 2:35 PM —
Some stories make you want to wash your hands afterward. With others it's simpler to just wear vinyl gloves while you type.
This is one of the latter.
A hack that penetrated the user database at YouPorn, one of the largest free porn sites on the web, became public knowledge this week when some user data, including email addresses and were posted on Swedish web forum Flashback.org.
The sample that was published there is a subset of the data that was stolen – more than a million user names and passwords from YouPorn's chat section at chat.youporn.com. The chat site was taken down yesterday.
The hack didn't need to probe the most secure dataspace on the YouPorn site, according to EuroSecure, a Swedish security distributor that analyzed the breach.
Sometime around November, 2007, a "careless programmer" left the debug logging function turned on on the main YouPorn server farm, according to Anders Nilsson, CTO at EuroSecure.
Debug logging is usually turned off after the last round of update testing during any web server migration, but this one, somehow, was not,
Worse than just collecting performance data and configurations, the debug log collected copies of every new registration at the site since it was turned on.
Debug logs are typically available through publicly accessible URLs, so programmers testing the site can examine the results without having to log directly into the server.
