Originally Posted by SpaceBass
What I think is a bigger risk is the WiFi network in hotels. Its become trivial to do a little ARP cash poisoning and become the man in the middle.... There are tools are there that are scary in how robust they are....they'll record voip calls, capture passwords, crack hashed passwords... I don't do anything with out VPN on a public network.
Yes—this is very scary indeed. I hadn't realized there were tools out there to just record VOIP calls but that makes perfect sense; I think I'll be setting up a more robust VPN to my Unix boxes back home.
As far as WEP goes, just look up Newshams 21-bit attack. Just as bad as the weak IV frames go. If you aren't using WPA (preferably WPA2), you really should be. I've (with consent) cracked several WEP networks using Newshams 21-bit attack with all of 2 or 3 mintues of packet gathering then 15 seconds of cracking on my 1.67GHz PBG4.
Only downside is having guests over... you can certainly just give them the password, but with how cheap APs are, when at home I've found myself just having a second open AP with fairly draconian filtering on it for guests to use.