I posted a story on Newsvine today, but I couldn't tell you where to find it. The gist of it was this:

In April I went to DIsneyWorld and stayed at All-Star Music. Rather than pay the money for internet, I hopped on the network and was going to spoof a MAC address so I could check email. I didn't (I've only done that once before and couldn't remember how) but was able to get on the internal network just by plugging in. I did some packet sniffing (to see where the DCHP server was that I was getting my address from) and was floored when I discovered that I could see all of the network traffic. It looked like I was wathcing all the sites that all the other hotel guests were going to. I imagine if I were really crooked, I could have decrypted the packets to get peoples passwords and bank numbers, but I deleted the information a week or so after I got home.

The long and short of it is, Disney's hotel networks are dangerous as far as privacy goes, and this makes me wonder how safe any hotel networks are. Usually using a switch or router will make it harder for people to sniff packets (rather than just a hub) But for those of you who travel a lot, beware. Someone could be grabbing your information and use it rather than delete it.

I told this story today to another comptuer guy, who suggested I tell Disney. I called them and gave up after a half hour of being passed around. Once I got to IT, but then ended up at someone in Guest Services.
It was when I hung up that I thought I'd warn people on my own, but I wanted you guys to knwo that I made an effort to contact the folks responsible. I think if you're paying 10-15 bucks a day for the internet, you should have some sense of safety.

The complimentary ADSL network at the Hotel I work at is completely open. Heck, their router password was ‘admin’ until I changed it.

The guy that installed the network is a buddy of the owner. He’s either completely incompetent or really lazy. Both I suspect.

maybe hotels should have a warning next to the ethernet jacks "Someone could be wathcing you"

I suppose if you have a firewall on your laptop you'd be ok?

The complimentary ADSL network at the Hotel I work at is completely open. Heck, their router password was ‘admin’ until I changed it.

The physicist Richard Feynman told a story about how he taught himself how to crack safes. Basically, he learned that the majority of all safes are set to zero zero zero, or similar default numbers.

Don dad, the answer is yes and no. You would be safer from attack, but no safer from people sniffing your information. All they'd do is catch stuff as you sent or recieved it, kind of like someone who takes other people's mail home, opens and reads it, then puts it back into circulation. You could put a lock on your mailbox that would keep out all but the mailman (a firewall) but the guy still read your mail en route. There is no real protection from that as far as the end user is concerned. Stronger encryption would make it more of a pain, but for every encryption there is a crack.

The physicist Richard Feynman told a story about how he taught himself how to crack safes. Basically, he learned that the majority of all safes are set to zero zero zero, or similar default numbers.

Mr. Feynman’s theory is pretty accurate. A lot of hotels have those digital safes in the rooms now. They have an admin combination programmed in so hotel staff can open them. I’ve yet to find one that has been changed from the factory default combination.