Change the password to your home router

New theoretical attack described in Computer Business Review: A phisher loads malicous javascript onto a web site. The javascript connects to your house router using the default IP address and default password, which you were too lazy to change. The javascript configures the router to use the phisher's own dns servers. Later, when you try to connect to your bank, you get connected to the phishing site instead, and there's no way to tell the difference.

The attack hasn't been seen in the wild yet, but it's only a matter of time. Save yourself a lot of hassle now, and secure your routers.

For more on the story, see Drive-By Pharming Attack Could Hit Home Networks.