As far as I'm concerned, the worst issue with 802.11x wireless networks, is the triviality of engineering a monkey-in-the-middle (MitM) attack. As an example, say I sit down in the Delta Crown Room in the Salt Lake City airport (comes to mind because I'm there so frequently), fire up my Verizon EVDO wireless card to connect to the Internet, and turn on "Internet sharing" on my Mac (also known as making it a router). Next, say, I configure my Mac to be an ad-hoc WAP with an SSID of "tmobile." What do you think is going to happen?

I'll tell you: everyone who is sitting closer to me than to the *real* tmobile WAP is going to get a stronger signal from me, and so will end up associating with *my* WAP rather than the real one. And not one of them will know the difference. With the end-user tools on Windows and Mac, there is literally *no way to tell*. Someone might scratch their head and wonder why they got straight out to the Internet without having to pay the $9.95, but mostly they'll just feel lucky, or decide that Delta started offering it for free.

So then what? Well, now I can grab every single packet you send or receive, and even modify them on the fly if I choose. I can give you bogus answers to your DNS queries. I can redirect your web traffic to my malicious website if I want. With the right proxying tools, I may even be able to see inside your SSL-encrypted traffic. This works just dandy with any public WAP: in a café, in a library, in a bar, restaurant, etc.

Just flat scary stuff.

/jonathan