Researcher details attacks on intranets that abuse Internet Explorer 7 and 8 security default settings

Apr 13, 2009 | 02:54 PM
By Kelly Jackson Higgins
DarkReading

Internet Explorer 7 and 8's default security settings can be unsafe for internal, intranet-based Web applications, according to newly published research.

Cesar Cerrudo, founder and CEO of Argennis, a security consulting firm in Argentina, has demonstrated that IE's default features for intranet "zones" can be abused to wage attacks on internal Web applications both from the outside and from within the organization. Cerrudo has released his findings, which show how default settings can be used both to detect and exploit vulnerabilities in intranet applications.  [Comments... ]