That is not a serious problem. How they do that? That page contains a Java applet that attempts to connect to the originating server using port 80 (http) and gets the address from the resulting TCP socket. This is allowed by all Java security policies and port 80 is open by default on all firewalls. Maybe Keith's suggestion works, I didn't tried to hide that address. No windows patch will prevent the address from being revealed, that "vulnerability" is cross-platform (e.g. Firefox under Linux) but no one takes it seriously. Why? Because it's not a real problem. If a hacker learns about the address that's all he/she will ever get. Since 192.168.x.x is non-routable and you are behind a NAT gateway (router) the hacker is still incapable to make a connection to your computer.

The fact that auditmypc.com thinks otherwise is quite strange. As far as I know, they don't try to push some commercial product. The same site says 'all is OK' if someone have a static and routable IP address (that's way more dangerous)!

• Reply or follow-up to this message

• Search this forum
• Start a new thread on a different subject

• Report abuse of the forum