I always thought my router and firewall combo with its twinkling green lights was actually on my side in the fight against internet baddies. I may have to rethink this.
The Register has an interesting and slightly alarming item on a possible means to compromise home internet routers. It revolves around UPnP (Universal Plug and Play) that is usually enabled on these devices by default.
All you need to do is lure someone to a web site - get them to view a specially crafted, dodgy Flash file and bingo - if they have a recent version of Flash installed - instant access to the router. So - an attacker could then start redirecting web requests
to fraudulent sites for example.
And yes it's cross browser and cross platform -
read the full story.