When mining you don't know if you have the winning hash until after you submit it (sometimes not even then).
This is not quite true. You always know when you have a winning hash, however (as far as I know,) this cannot be exploited.
Mining is just hashing headers and seeing if they're above the difficulty, however the header includes things such as every transaction to be included in the block. This includes the 25 BTC reward to either the pool or you. Since
you compute the hash you always know before the pool whether it is above the difficulty or not.
So, if you're hashing for a pool and submitting occasional work, you need to set that part of the header to say that the reward should go to the pool if the difficulty is right. Otherwise the pool has no reason to accept your shares. If you do find a winning hash with the 25 BTC transaction going to the pool, you cannot simply change that one address because that will also change the hash and it will (almost certainly) no longer be above the difficulty.
I think Bytemaster's attack has to do with simply depriving the pool
and yourself of the winning hash.
EDIT: O hay, Bytemaster is really quick.