WiFi security is looking grimmer then ever :)
Shortinfosec has discussed that guest or free WiFi is very open for collecting of interesting information. But you still needed to capture raw IP traffic, and sift through it in order to gain access to useful information.
From a couple of months ago, things became even easier. Eric Butler created the firesheep extension for Firefox. The extension was created as a demonstration of the security risk to users of web sites that only encrypt the login process and not the cookie created during the login process.
Firesheep filters through the captured traffic and collect unencrypted session cookies that 'fly' over the network. With firesheep, the potential attacker does not need to filter through anything - identities simply appear in the firesheep console.
Shortinfosec has performed a test capture on a free WiFi network - a mall. The capture of useful information takes a long time - we managed to capture 1 facebook and 1 twitter account in more then 4 hours. But for a dedicated attacker, whis period can be much longer.
Here is a brief video of the captured identities and opened in the same browser.
Talkback and comments are most welcome
Corporate Guest WLAN - The best place for Eavesdropping to Interesting Traffic
5 Rules to Home Wi-Fi Security
Example - Bypassing WiFi MAC Address Restriction
Obtaining a valid MAC address to bypass WiFi MAC Restriction