Comments: Threatwatch: Still searching for the economic MITM

one of the issues is that the professional attackers, in it for the money ... don't divulge anything ... or go around advertising ... not like the kids that frequently are after the bragging rights.

a lot of the defenders ... when they do find a serious attack ... seem to be quite motivated not to advertise it also.

this is one of the issues behind the early cal. security breach notification legislation ... that institutions weren't making it public ... even after they found out about it.

when we were called in to help word-smith the cal. electronic signature legislation ...
http://www.garlic.com/~lynn/subpubkey.html#signature

we also happen to observe some of the stuff going on around the disclosure legislation. Since then, federal legislation has been see-sawing back and forth between something the equivalent of the cal. state legislation and a federal "pre-emption" bill (nullifying state statutes) more along the lines of some of the "CAN-SPAM" characteristics.

some recent posts mentioning the subject:
http://www.garlic.com/~lynn/2007f.html#72 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007g.html#8 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007g.html#55 IBM to the PCM market(the sky is falling!!!the sky is falling!!)
http://www.garlic.com/~lynn/2007i.html#40 Best practices for software delivery
http://www.garlic.com/~lynn/2007i.html#58 John W. Backus, 82, Fortran developer, dies

other posts mentioning MITM-attacks
http://www.garlic.com/~lynn/subintegrity.html#mitm

many of the public wireless operations ... have bootp/dhcp setup for client configuration (DNS server, ip-gateway, ip-address, etc) for initial contact that directs all the client's traffic to a special server ... which pre-empts everything until some sort of authentication is performed.

After the initial authentication ... then the client will get a normal configuration update for standard internet operation, DNS server, ip-gateway, etc.

So are we talking about an attacker being able to force the standard internet operation configuration (DNS server, ip-gateway, etc) w/o having to first perform the authentication handshake with the initial server?

Other attacks can be more serious, attempting to harvest information (eavesdropping, mitm reroute, etc) that can be used in replay attacks (userid/passwords, account numbers, etc).

minor recent news item

Cyber-thieves 'richer than drug dealers'
http://www.computing.co.uk/vnunet/news/2189322/cyber-thieves-richer-drug
Cyber-thieves 'richer than drug dealers'
http://www.vnunet.com/vnunet/news/2189322/cyber-thieves-richer-drug

which somewhat complements some past articles about cyber crime now involving more money than drug crime.

Posted by Lynn Wheeler at May 8, 2007 03:08 PM
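The question raised in the comment above (can a client end up with the "standard internet" DHCP configuration without ever completing the portal's authentication handshake?) is something the portal operator can audit from their own logs. The following is an added example, not code from the comment author or any real portal product; the log format, profile addresses and MAC addresses are all constructed for illustration, and the log is assumed to be in chronological order.

```python
"""Flag captive-portal clients that received a non-portal DHCP configuration
(real gateway / real resolver) before any authentication record for them."""

# Constructed pre-auth profile (assumption): the portal's DHCP server hands
# out its own address as both gateway and DNS so that everything is steered
# to the portal until the client authenticates.
PORTAL_PROFILE = {"gw": "10.0.0.1", "dns": "10.0.0.1"}

# Constructed log lines (not real data). Two record kinds:
#   "<ts> DHCPACK <mac> gw=<ip> dns=<ip>"  from the portal's DHCP server
#   "<ts> AUTH_OK <mac>"                   from the portal's auth handler
SAMPLE_LOG = """\
100 DHCPACK aa:bb:cc:00:00:01 gw=10.0.0.1 dns=10.0.0.1
105 AUTH_OK aa:bb:cc:00:00:01
106 DHCPACK aa:bb:cc:00:00:01 gw=10.0.0.254 dns=10.0.0.53
110 DHCPACK aa:bb:cc:00:00:02 gw=10.0.0.1 dns=10.0.0.1
111 DHCPACK aa:bb:cc:00:00:02 gw=10.0.0.254 dns=10.0.0.53
120 DHCPACK aa:bb:cc:00:00:03 gw=10.0.0.254 dns=10.0.0.53
"""


def parse_line(line):
    """Split one log line into (timestamp, kind, mac, {option: value})."""
    fields = line.split()
    ts, kind, mac = int(fields[0]), fields[1], fields[2]
    opts = dict(f.split("=", 1) for f in fields[3:])
    return ts, kind, mac, opts


def unauthenticated_internet_leases(log_text):
    """Return [(ts, mac)] for every DHCPACK whose options differ from the
    portal profile while no AUTH_OK for that MAC has been seen yet."""
    authed = set()
    findings = []
    for line in log_text.splitlines():
        ts, kind, mac, opts = parse_line(line)
        if kind == "AUTH_OK":
            authed.add(mac)
        elif kind == "DHCPACK" and opts != PORTAL_PROFILE and mac not in authed:
            findings.append((ts, mac))
    return findings


if __name__ == "__main__":
    for ts, mac in unauthenticated_internet_leases(SAMPLE_LOG):
        print(f"t={ts}: {mac} received non-portal config without AUTH_OK")
```

Client ...:01 authenticates before its second lease and is not flagged; ...:02 and ...:03 get the open-internet profile with no AUTH_OK on record and are.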