Let's say that an employee in your company gets a new laptop. He's excited about the laptop's WiFi capabilities, but the company he works for doesn't have wireless capabilities. What's he do?
One option is to bring in his own wireless router. He goes down to the local computer store, picks up a router for $39.95, and brings it to work. He plugs it in, boots up his laptop, connects to the network called "default," and is happy to use his laptop from anywhere in the building.
Another possibility is that he opens up the "wireless connections" panel of the laptop and sees a list of possible networks to join. He may not realize that the access points are on networks belonging to other individuals or companies. In the unlikely scenario of a targeted attack, he may even see an official-looking access point named after his company. In either case, he connects to somebody else's wireless work, finds that he can access the Internet, and...
