A few years ago, when stories hyping up the security risks of WiFi were commonplace, articles about
"evil twin" access points were a favorite. "Evil twins" were access points given SSIDs that made them appear legitimate, only they were controlled by a malicious actor rather than a real hotspot provider. The FUD was then that these malicious actors could steal anything that went across the access point -- even though most sensitive information is transmitted with encryption, a point the articles never bothered to mention. It looks like the evil twin -- or at least hype about it -- is making a comeback, as the head of a trade group of IT security professionals says such attacks
are on the rise. He says it's due to the growth in the use of WiFi, but doesn't offer up any real evidence that the attacks are a problem, just saying that they present a risk for people's passwords that are sent as clear text, skipping over the fact that any service provider worth their salt doesn't send passwords in the clear if they're protecting any sort of sensitive information. Instead of harping on about a largely mythical "problem" with WiFi, wouldn't this guy's energy be better spent drawing service providers' attention to the need to encrypt passwords, thereby cutting out the supposed problem?