Set your router’s password!

Over at CNET there is an article about malicious javascript taking advantage of the fact that routers from Linksys, D-Link, Netgear who knows who else have known, default passwords.

This hack uses your web browser to log in to your router using the default password and reprogram your router to use the hackers Domain Name Server! This means when you type in say www.citibank.com you are taken to the hacker’s server, not your banks!

(Mom, you are fine, we’ve changed your password)

I’ve often commented on the fact that while default passwords are necessary, a router should not function until the password is changed from the known default. Your web browser should take you to, minimally, a screen saying you need to change the password.

On Macs with Airport, Apple could insist this as well and then popping up a nice dialog at any internet access attempt.

Change your router password if you have not!