Another reason why you shouldn't install Sun Java on your computer.

[John Corliss]

Check out the stuff under "Internal IP" on this page:

http://www.auditmypc.com/internal-ip.html

Until Sun Microsystems does something to tighten up Java's security, I
won't have it on my system. By the way, my system passed AuditMyPc.com's
test with flying colors:
____________________________________________________
Your system reports that your external IP is (removed)
but is correctly hiding your internal ip (more)

You Passed! This is the ideal configuration and you Passed this Test!.
____________________________________________________

 

[Gabriele Neukam]

On that special day, John Corliss, ([email protected]) said...

Check out the stuff under "Internal IP" on this page:

http://www.auditmypc.com/internal-ip.html

Interesting. The site tells me, I am currently 84.172.221.40
externally; but where is my *internal* address? After all, the last one
I see, is 192.168.0.n; but mine is *different*.

I am using an Edimax router, which sits between my onboard network chip
and the DSL splitter, and does some NAT.


Gabriele Neukam

(e-mail address removed)

 

[Allan Bruce]

Check out the stuff under "Internal IP" on this page:

http://www.auditmypc.com/internal-ip.html

Until Sun Microsystems does something to tighten up Java's security, I
won't have it on my system. By the way, my system passed AuditMyPc.com's
test with flying colors:
____________________________________________________
Your system reports that your external IP is (removed)
but is correctly hiding your internal ip (more)

You Passed! This is the ideal configuration and you Passed this Test!.
____________________________________________________

Well it didnt give me my internal address, I refreshed the page loads too,
but still not my address. I had a look at the source code of the web page -
doesnt seem to be anything there that would do what it reckons. Besides,
what is so bad if someone does get your interal IP address? I be about 50%
of the home-user world will have 192.168.0.1 as that is what windows makes
for internet connection sharing.

Allan

 

[Aaron]

If you are really worried about this, you shouldn't have Java period
(not just Sun or Microsoft's), You would also turn off javascript.

In my view, this leak isn't a big deal.

 

[*ProteanThread*]

agreed. you don't need java (sun or microsofts) for a website to get
your IP address.

 

[wald]

Check out the stuff under "Internal IP" on this page:

http://www.auditmypc.com/internal-ip.html

Until Sun Microsystems does something to tighten up Java's
security, I won't have it on my system.

If every known Java bug is a reason for you *not* to install a JRE,
then why are you running Windows?

No disrespect intended, not at all, but with this reasoning you
couldn't install *any* software, since no program is bug-free. Every
extra program on your system increases to the number of possible
ways your system could be exploited.

Regards,
Wald

 

[Wishmaster]

agreed. you don't need java (sun or microsofts) for a website to get
your IP address.

A website can get your IP address even if you´ve disabled ALL features on
your browser. It's on their logs, after all.

 

[John Corliss]

If every known Java bug is a reason for you *not* to install a JRE,
then why are you running Windows?

No disrespect intended, not at all, but with this reasoning you
couldn't install *any* software, since no program is bug-free. Every
extra program on your system increases to the number of possible
ways your system could be exploited.

Guess I'm still pissed off over that Redsherrif incident.

 

[Aaron]

I suppose technically, a website shouldn't get your internal IP
address. NAT should be sufficient to shield it. But Java breaks the
rule.

But as someone already pointed out, it's no big deal, and besides
there isn't much they can do to exploit this anyway. I'm not even sure
if it's a bug, it's more like a legimate feature.

It's a different matter if you are trying to hide your external ip
address via a remote proxy, Then you should definitely turn off Java
and javascript, since those can exposure your real ip.

 

[kara mc weeney]

Check out the stuff under "Internal IP" on this page:

http://www.auditmypc.com/internal-ip.html

You must have your network misconfigured something bad, pudgie. *My*
internal ip didn't show. Best batten down your hatches pronto before
those evil trolls infiltrate your crack sales database! LOL!

 

[kara mc weeney]

No disrespect intended

Bue there should be.

 

[Derald]

If every known Java bug is a reason for you *not* to install a JRE,
then why are you running Windows?

Hey! This is no place for logic. Disregarding that the whole
exercise is totally pointless, I do find it interesting that the same
FUD site relies on the dangerous Java for its "speed test"; go
figure....

 

[Richard Steinfeld]

Guess I'm still pissed off over that Redsherrif incident.

John, please explain.
After losing a lot of time trying to figure out why my computer was
acting screwy when dealing with my regional public broadcasting gorilla,
KQED, I traced the problem squarely to their use of RedSheriff and
diversion to various imrworldwide sites. Only after asking them directly
did KQED own up to using this. Later, they put a few paragraphs about
this on their privacy page.

When the time came for a pledge drive, I called and told them why I
wasn't donating.

So, what happened to you?

Richard

 

[kara mc weeney]

Hey! This is no place for logic. Disregarding that the whole
exercise is totally pointless, I do find it interesting that the same
FUD site relies on the dangerous Java for its "speed test"; go
figure....

*ROARING APPLAUSE*

 

[John Corliss]

John, please explain.
After losing a lot of time trying to figure out why my computer was
acting screwy when dealing with my regional public broadcasting gorilla,
KQED, I traced the problem squarely to their use of RedSheriff and
diversion to various imrworldwide sites. Only after asking them directly
did KQED own up to using this. Later, they put a few paragraphs about
this on their privacy page.

When the time came for a pledge drive, I called and told them why I
wasn't donating.

So, what happened to you?

I'm always scanning my files for unidentified garbage that shows up.
It's been a long time since this happened and my memory is a little
vague, but I had Sun Java installed and noticed this file named
"Redsherrif" something or other in one of the Java subfolders. Then I
went looking on the internet to research the file and found out it was
spyware. At that point, I realized that Java could work around my
firewall and be exploited, also that they (Sun Microsystems) had no
intention of doing anything about the problem. Java immediately came off
my system and it hasn't been back since.

 

[Vic Dura]

Java immediately came off
my system and it hasn't been back since.

Good move.

 

[John Corliss]

Good move.

Well, what I don't understand is that Microsoft Java remains on my
system, yet no problems with that.

 

[Chrissy Cruiser]

Hey! This is no place for logic. Disregarding that the whole
exercise is totally pointless, I do find it interesting that the same
FUD site relies on the dangerous Java for its "speed test"; go
figure....

If you live in some non real world, you don't need Java. If you carry
online banking, and a host of other necessary sites, it's either java or
bust.

 

[Obbop]

If you are really worried about this, you shouldn't have Java period
(not just Sun or Microsoft's), You would also turn off javascript.

In my view, this leak isn't a big deal.

It is if it's what the latest TV commercial is touting..... BLADDER
LEAKAGE!!!!!!

EEEEEEEEEEK!!!!!!!!!!

ACKKKKKKK!!!!!!!!!!!!!!!

 

[John Corliss]

In answer to this, at least my system is currently without spyware,
viruses or Trojans. When I had Java, I had RedSherrif and no way to stop it.

If you live in some non real world, you don't need Java. If you carry
online banking, and a host of other necessary sites, it's either java or
bust.

Heh. I live on earth and I don't need either online banking or Java. In
addition to that, I've yet to see a website that requires Java and
demands that I activate it.

When I had Java, all I used it for were a couple of basically useless
little Java programs that I never ran.

If you know of some good website that I'm missing out on and which
requires Java, I'm curious to hear about it.