Quote Originally Posted by samiux View Post
WPA/WP2 can be brute force without dictionary (proof is here).
Brute-forcing only works if the AP uses a weak password. Good luck brute forcing my router, which has a random 128 bit password.

In any case, your point is moot with public open Wifi since it is *supposed* to allow everyone to connect. No brute forcing or WPA cracking necessary.

Once the hacker associated with the wifi router, s/he can attack any computer within the subnet with Man-in-the-Middle attack (MiTM). Or, by other means.
This is true. That's why when on public Wifi you must take extra care when visiting sensitive sites (banks and the like). You must ensure the certificate you are seeing really is the bank's certificate. Probably the easiest way to do this is with Firefox add-ons. Certificate Patrol will store certs you trust and then alert you whenever they change. That would be one method of detecting MiTM. Another is Convergence. A third option would be to bypass the Wifi and only use it to connect to your own private VPN. You can set one of these up on your home router and then ssh into it whenever away from home. This will give you a secure tunnel.

Meanwhile, it is also risky to use so-called "Free wifi" in the public area when you do not sure the said "Free wifi" is setup by the hacker or not.

In additon, hackers can bypass the firewall too.

Samiux
Puiblic Wifi is fine. I would just be careful about doing online banking or any other private stuff unless you are connecting to a private VPN or are very careful with certificate checking.