Okay, so this is going to be second-hand info. I'll just repeat what somebody told me.
My friend was just at USENIX, and one of the stories that he had (aside from some/very/ interesting anectodes about some of our community elders) was this: Some dude (I think from CMU) wrote some software that captures packets out of the air, for everybody using the wireless network USENIX provided for them. Using these he was able to sniff out passwords and the like. At the end of the conference he presented one of those working papers (something he hacked up while at the conference) on all the stuff he had found. He had a list of usernames and passwords a mile long. This is USENIX--and he was still able to get more passwords than most/etc/password files contain.
Slashdot Mirror
My friend was just at USENIX, and one of the stories that he had (aside from some /very/ interesting anectodes about some of our community elders) was this: Some dude (I think from CMU) wrote some software that captures packets out of the air, for everybody using the wireless network USENIX provided for them. Using these he was able to sniff out passwords and the like. At the end of the conference he presented one of those working papers (something he hacked up while at the conference) on all the stuff he had found. He had a list of usernames and passwords a mile long. This is USENIX--and he was still able to get more passwords than most /etc/password files contain.