In the meantime...
Having read the entire posting at http://www.jibble.org/o2-broadband-fail/ to try to get a little more technical insight and to assess the potential impact on my own router, there's a useful suggestion on how to mitigate the risk:
"...mitigate the risk of attack by enabling authentication on their router's HTTP configuration interface (by default, the device lets you browse directly to http://192.168.1.254 without requiring a password)".
Just to suggest the obvious, but perhaps ISPs (and end-users) might be warned of the inadvisability of leaving passwords blank. My ISP lists various security-related information, like WPA keys, on a custom sticker on the router itself. Perhaps a password might be configured and added to the sticker?
Biting the hand that feeds IT
