I was staying with my brothers at a hotel in Amsterdam and I had brought my laptop; the hotel offered free unencrypted WiFi for guests. Since it's in a big city, as you might imagine, you don't want the neighbors stealing all of your bandwidth, so even though it was free for us, there was a sign-in page -- you had to go downstairs and request that the desk official give you a token, then use that token to register with the system.<p>So I thought that, since I had permission to access this network anyway, I would break in -- just to see if I could. And I'd tell them about my results the next morning as we turned in our keys and headed off.<p>Actually since there wasn't any encryption there isn't much to say after that -- it was obvious that their system wasn't too sophisticated, so I just guessed "they check MAC addresses, don't they?"<p>Using the airotools-ng package for Ubuntu, I set my wireless card into "monitor mode", which (I'm not an expert) I guess is a fancy way of saying "it stopped ignoring everything it saw flying through the air in my hotel room." Normally your computer treats all of these other signals as noise relative to its own goal of connecting to the Internet -- but it's absolutely trivial to start listening to it. With the tool airodump-ng, I was able to see all of the routers at my hotel and MAC addresses of real users connecting to those routers. So I put one of those into my "Connect to the Internet" dialog box under "Cloned MAC address," and hey look, I just saved the desk clerk some time.<p>I mentioned that I'd done it the next day to the desk clerk as I checked out -- that any competent neighbor could steal their wireless access. I'll never forget his response: "yes, but they're all incompetent."<p>A similar experience: when I first came to live at my present household, I knew that we had shared WiFi but I didn't know the password -- and the guy who did know had just stepped into the shower. But it was using "WEP", a very old encryption policy which is vulnerable whenever you are transmitting data. So I fired up these same tools, found out that I was lucky -- he'd left a download running when he stepped into the shower or so -- and I captured a couple thousand data transactions. I didn't have to wait for him to finish showering before I had broken into my own Internet.<p>I'm always surprised by this sort of thing. The other day I had accidentally clobbered my sudo permission when reconfiguring Wireshark (something which can also listen to Internet traffic) to be more secure, and suddenly had no more root permissions. In about half an hour I had downloaded a live CD and burned it and broken into my own box with chroot magic to usurp root permissions to re-add myself to that group. (I have an encrypted disk, and I couldn't have done this without being able to decrypt it. However, most people that I know don't use disk encryption, so the point still stands.)<p>The lesson to take away: If some half-geek amateur like me can do these things, the professional inbreakers must have absolutely terrifying skills.