Hmm... yeah, 'cause grandma and mom and dad and your Aunt Susan and brother-in-law Phil all know what firmware is and what "update your firmware" means. Is this guy releasing the hack going to go into the millions of homes that currently use these routers and upgrade them? No? Even if Linksys and Netgear and everyone updates their products, the defective products will still exist in people's homes. Is this researcher going to refund everyone the money they spent on insecure routers so they can buy new routers? No?
Then I guess all this asshole has done is give script kiddies more tools to hack unsuspecting individuals. Way to go, like we need more dickheads in the world.
All they have to do really is have a feature (for new firmware/routers) that you can't have internet access until you've changed the default password. I don't know why they haven't done that. Having a default pass is stupid; it's only there to do a hard reset (physically). Oh well, I guess lots of companies are going to get lots of complaints... suits them right... but feel sorry for all the people who don't have a clue what firmware means... or that they can even get into a router...
I believe the intent here is to force the router manufacturers to address this problem in a meaningful fashion. He's really not giving something new to the hacker community. This is an old and well-known vulnerability.
The bottom line is that the destination site must be corrupted with the appropriate script. A site like Tom's isn't likely to do that; and sites that would (porn sites primarily), already use browser vulnerabilities to disseminate malware.
You'll never make a system 100% secure. It will N E V E R happen. Not even your high-priced Cisco boxes, with the command scripts, can make it 100%. Hell, look at UPnP: it's based off of a syntax/infrastructure that died in 2001 but it's still used today. GRE is the way in.
Also, for a classic example of how this won't make a lick of difference, look at how Symantec Antivirus is still one of the most purchased corporate solutions. Yet its success rate is worse than the Kansas City Royals!