Cesar Cerrudo, founder and CEO of Argennis, a security consulting firm in Argentina, has demonstrated that IE s default features for intranet zones can be abused to wage attacks on internal Web applications both from the outside and from within the organization. The findings show how default settings can be used both to detect and exploit vulnerabilities in Web applications. Read the full story [argeniss.com, PDF], which is published by DarkReading.
Source: https://threatpost.com/ie-default-settings-exposes-intranet-attacks-041409/72600/