Hackers are finding all kinds of vulnerabilities in web browsers, and using them to break into pretty much any system they want to. PCWorld reports that Dan Kaminsky, Director of Penetration Testing at IOActive, showed how a Web-based router attack could easily be carried at an RSA security conference in San Francisco. According to the article, this type of attack would work on pretty much any router out there, including those sold by Linksys and D-Link.

Most consumers forget to change the default password on their router, which basically makes them vulnerable to a DNS rebinding attack. This type of attack takes the victim to a malicious site that loads JavaScript code to the browser, and changes the settings on the router's Web-based configuration page. The script could also force the router to download firmware, which is another way intruders gain complete control, and access into anything in the network.

Kaminsky says the problem is not with the router itself, but with the browser. Users who don't change their router's passwords are taking their chances, so change make sure your password is not easy to crack to prevent this.

Our Yahoo! Tech experts have written about router security before, so check out these articles if you need some help.

Logging into Your Access Point the First Time
Step By Step: How to Protect Your Wi-Fi Network
How to Reset a Wireless Router
Wi-Fi Security Made Easy