The well-written analogy is:
I’ll start with a high-level real-world analogy of this attack. Imagine that whenever you wanted to go to your bank, you picked up your phone directory, looked up the bank’s address, and then went there. Our attack shows a simple way that attackers can replace the phone books in your house with one that they created. Now, when you pick up that rogue phone book to get your bank’s address, it’ll actually give you the wrong address. At this wrong address, the attackers will have set up a fake bank that looks just like your bank. When you do business with this fake bank, you’ll give up all your sensitive bank account information. However, you’ll never realize that you were at a fake bank since you trusted the address that you got from what you thought was your legitimate telephone book.
(They also have a nice Flash video that gives a graphical idea of how it works.)
No clue what I'm talking about? If you connect to the internet by way of a router (wired or wireless), you can check by following these steps:
1. Access your router. Chances are, one of the following links will work:
2. If a username/password thing pops up, good. Try the following:
(username may be "Admin")
3. Now change the password.
Navigate to Maintenance > Set Password. (Netgear support page)
Navigate to Tools, then Admin. (D-Link support page)
Click on either "Administration" or "Password". (Linksys support page)
Other username/password combinations I've run across are:
If step 2 fails, follow the instructions here to figure out where you need to go.