Worth a read if your a hotspot user.

http://www.pcworld.com/news/article/0,aid,120054,00.asp

Seems to me to be a new name for an old issue.

On Wed, 23 Mar 2005 05:48:11 -0600, "Airhead"
<campb***@alliancecable.net> wrote:

It's an old problem.  Most of the hot spot owners that I know are not
going to get involved in protecting their customers from any variation
of the "man in the middle" attack.  An attacker can also get the same
results with a sniffer and data logger.  It would still be necessary
to trick the user into using a fake web page in order to get their
information as all sniffed and "evil twin" traffic is usually
encrypted by an SSL (https) web page.  The point about T-Mobile using
a credit card number for access is well taken.  They should know
better as it's been dogma since the stone age of computing that the
user name is presumed to be "well known" and should not be anything
that needs protection.

PC World is not known for being rather astute with their "warnings".
For example, they don't question why the author innocently setup a
HostAP access point on his laptop in an airport.  I guess MIT security
managers do such things.  No mention of XP's overly friendly habit of
connecting with any access point.  The article also doesn't make a
connection between their newly coined "Evil Twin" exploit, and the
comments on spyware legislation at the bottom, with no mention of URL
hijacking.

Where to Get Full Power Access Point
802.11b/g problems for apartment dwellers
WRE54G Range Expander
questions on linksys webinterface options
Excessive "Invalid misc"??
Parabolic reflector for Wi-Fi?
IBM Access Connections -- HELP!! -- Cant log on my laptop anymore
900 Mhz phone?
SMA Bulkead - tryiong to find on solwise - help
Satellite to Outbuildings