Scott McGready 🐿🏴󠁧󠁢󠁳󠁣󠁴󠁿 · Oct 8, 2020 · 5:49 PM UTC

Scott McGready 🐿🏴󠁧󠁢󠁳󠁣󠁴󠁿

8 Oct 2020

Scenario: You find a website that’s compromised, being used to host malicious files/phish people. There’s a shell used by the attackers, still there and doesn’t need auth to use. What do you do?

17% Use shell to clean site

7% Do nothing

50% Only contact site owner

26% Other/show answers

1,799 votes • Final results

Andy Steingruebl @asteingruebl@infosec.exchange · Oct 8, 2020 · 10:57 PM UTC

Andy Steingruebl @asteingruebl@infosec.exchange @asteingruebl

8 Oct 2020

The CFAA doesn't really have a Good Samaritan clause... to the best of my knowledge.

Bil Corry · Oct 9, 2020 · 5:58 AM UTC

Bil Corry · Oct 9, 2020 · 5:58 AM UTC

Bil Corry @bilcorry

9 Oct 2020

Replying to @PogoWasRight @asteingruebl @ScottMcGready @OrinKerr @TorEkelandPLLC @EFF

Don’t know the answer, but it isn’t a new problem. link.springer.com/chapter/10…

Oct 9, 2020 · 5:58 AM UTC