The Register has a story on a design flaw in most home routers that allows attackers to remotely control the devices and re-direct the user to fraudulent sites or turn the router into a zombie machine. This flaw, discovered by Petko D. Petkov, is discussed in detail at his blog at GnuCitizen and there is also a FAQ. The exploit works even if a user has changed the default password of the router. And it works regardless the operating system or browser the computer connected to the device is running, as long as it has a recent version of Adobe Flash installed. The problem resides in Universal Plug and Play (UPnP) not using any authentication. By exposing an end user to a malicious Flash file lurking on a website, attackers can use UPnP, to make significant modifications to the router. Routers made by Linksys, Dlink and SpeedTouch have been confirmed to be vulnerable, and other manufacturers' products are also likely susceptible to attack. The only way to prevent an attack is to turn UPnP off.