Symantec Security Response Weblog: Drive-By Pharming: How Clicking on a Link Can Cost You DearlySince I'm a geek I have two inline routers from different vendors with different admin passwords (the password you use to connect to an encrypted WLAN is not relevant here) and, I think, usernames. There are probably two other people I know who do this. I'm not even sure I changed the un/pw on my mother's router -- nor would I necessarily know how! Her primary router, which is where her DNS information comes from, was installed by her cable company.
I don't believe my Airport Router has a web interface, so it's probably immune. Even if it weren't, Apple has a distribution mechanism that allows effective updating of their routers. There's something to be said for that ...
Most browsers, btw, will 'memorize' passwords. I presume that's not exploitable here.
PS. I assume it's obvious to my handful of geeky readers, but a robust WLAN password is of no help here. This is all about the router's admin pw.
Update 2/16/07: I underestimated myself. I did change my mother's router's admin pw.
Update 2/24/07: Schneier has an article. He agrees, it's impressive.