Roberto, It's just plain arrogant to assume that everyone has a firewall of some description in place and properly configured.
...and sure, you could find out my IP by looking a cached version of one of my posts here but it's highly unlikely that a scammer is going to do that. People like that write generic scripts to go out and harvest email, IP addresses and other personal information. By making them publically available, you're just making it easier for them to get into your life and **** you over.
As for the email address thing - honestly, how many of you would have seen that mail (offering you a part you were urgently after) and called that number thinking it was a mobile? I'm willing to bet quite a few.
Sean, really, exactly how many people who've been scammed or have gotten a virus do you think know where the entry point for the attack was? If £500 dropped out of your account tomorrow, would you know how it happened?
What some of you fail to understand is that it's not about the identifying information an IP address can give, it's that it is a route to your PC which may or may not have many open doors.
Let me just drop a little scenario on y'all...
-Your IP is visible here
-It gets harvest by a malicious crawler
-Although you probably have a dynamic IP address, you probably haven't rebooted your modem/router for quite some time so the chances are, it's still the same.
-A port scan ensues and due to a previous infection opening firewall ports via upnp or you not having a firewall of any description turned on for whatever reason or due to you misconfiguring it or etc. etc. etc. etc., the scanner finds an open port which has something exploitable listening behind it.
-or-
-Your email address is visible here
-You get a legitimate looking email, click a link or a download, your AV software might be off or crap, you get infected.
-Now there's something on your computer, watching what you're doing and, oh look, you've not checked that website you're buying that new turbo wistler from properly have you, it's sent your details out over a http connection instead of a https connection and that something hiding on your computer saw that too because it wasn't encrypted - although even https can be broken now, with time.
-Now it has your address and card details, everything it needs to take your card to the limit.
-It also has your name and, as registering on some sites and forums requires your DOB and rarely is that information sent encrypted, it now has everything it needs to do some identity theft and obliterate your credit rating.
Sure, the chances are the worst that will happen is a bit more spam and the odd virus attempt...but why take the risk? This is how this stuff happens.
...and you lot are having a pop at me when I'm trying to help you? There was a reason I said don't comment if you don't know what you're talking about - I wasn't trying to be king ding-a-ling, I was trying to make sure ill-informed people didn't give out bad advice to naive people.
Now I'm sure a few of you will now chime in and say "i'm not naive, i can spot a dodgy email" or "well, my firewall(s) is/are always on, my av is up to date, i don't get viruses" etc. etc. Great, good for you, pat on the back and all that but open your mind for a minute and think of the people who have no clue about this kinda thing and can barely "work the internet" let alone spot a scam email or check their firewall is on or av is up to date. Hell, they might still be using IE5 and Windows 98 - you might laugh at that but roughly 1.5% of internet users are using pre-XP Windows OS's and most of them on pre-IE6 browsers - how many of them do you think know about av and firewalls?
Finally, no, I'm not 1st line. My role involves software development, web development, network admin, server admin and security.
