Hacker News new | comments | show | ask | jobs | submit login

This is a perfect example of what an attacker could do with your browser. If you can get a user's browser to run code, as this site demonstrates there is a lot of information you can find. And coupled with a Cross-Site Request Forgery, you could get access to a bunch of things. If your home router has a vulnerability that bypasses authentication and allows you to execute commands on the router or similar (which is not uncommon, home router security is awful), you could get a foothold into the network just by sending someone a email with links that they are likely to click on.

Note to the author: I am not entirely sure how the WebRTC connection gets you a local IP, it seems to be connecting to stun:stun.services.mozilla.com. Anyway,that grabs the wrong local address for me, and gets the IP of my docker0 interface, perhaps it could grab more IPs, or is it just displaying the first one it finds?

Edit: Oh, the getIP function just calls the callback on the first candidate it finds.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: