Adobe, Apple and all Omniture clients are in a boat
Here is a copy of the comment I left on this post: Adobe ate me baby!!.
Disclaimer: I've been a happy Omniture customer for several years and they're providing good tools and services.
Amazing that almost everybody misses the right responsible third party: Omniture. Adobe is using Omniture SiteCatalyst to gather some simple web analytics, which, as explained in this post, are not always reduced to web pages visited with a web browser. Adobe has ZERO choice about which tracking server they have to use, all they can do is use Omniture's code exactly as provided to them. They cannot change it without losing support and, in fine, reliability in the stats. If you dig a bit deeper, you will find that 192.168.112.2o7.net does not resolve to a single IP but a set of dynamic IPs depending where you are, so Adobe has really NO choice about that (such as replacing this name with a numeric IP).
This said, the only criticable thing here is the "hack" used by Omniture in naming one of their tracking servers using what looks like a non-routable local IP. That question (and furor, hysteria, whatever) should be directed at Omniture, not Adobe.
This said, since all they gather boils down to simple web metrics akin to page views, errors, time to load, etc. (aggregate numbers they use to track patterns and issues with their apps, exactly as anyone serious would do with a web site), and since the Omniture trick would not fool many F*cking Stupid Firewalls™(*) out there, I for one would argue that 1) this is definitely much ado about nothing, 2) the rest will just be an exercise in crisis communication (which, unfairly, will be more painful for Adobe than for Omniture, thanks to clueless bloggers and journalists :p).
(*) I wonder how many of those who are up in arms about the 192.168.* trick bypassing (really stupid) firewalls, are also complaining that their company F*cking Stupid Firewall™ also prevents them to surf freely on the interwebs :p.
What we have here is more interesting, to me, in terms of crisis communication, specifically here how a little technical detail can degenerate in flames thanks to clueless calls to arms and blog echo chamber (for a good start, the story even got its own Slashdot glory). The short story is that Adobe is under fire because of a dubious choice of server name by a third party—Omniture—they use to gather usage metrics from their apps.
Technically speaking I'd argue that this name would not fool any properly configured router out there, since 192.168.112.2o7.net is NOT an IP address but a domain name that resolves to public, routable IP addresses (a pool of dynamic IPs, actually, as do all generic names of tracking servers from Omniture AFAIK). So no need to fear anything harmful.
In terms of communication, OTOH, it's a very different story as we see develop. When I see John Gruber using the word "disgrace" for seemingly masquerading a public server behind what looks like a non routable local IP address, or all the comments out there mentionning "192.168.*", the folks at Omniture must be looking at this very closely. Needless to say that all Omniture's clients must be looking at Omniture even closer right now. Because, as you can see, it's them on the front line at the moment, not Omniture.
As a former (and happy) Omniture client, who've seen this "*.2o7.net" name years ago without thinking of anything wrong at the time, I'd be curious to see how this further develops.
As a side note, exactly as I wrote three years ago that web analytics were moving away from standard web server logs analysis to hosted web beacons, the same technique is now becoming common for application usage analytics, as shown by Adobe in CS3 or Apple in iTunes. Since those apps are more and more connected and using web elements (Flash movies, HTML pages) for display, it's only natural for the marketing folks to want to use the same tools for watching usage patterns. This said, one may argue that monitoring what visitors do on your web site, is different from watching what they do with your application on their computer. this is an entirely different debate (and one may want to read those fineprints again, those that say you're only licensing the use of the application :p).