Originally Posted by Absolute
Equivalently, even if you did accidentally connect to a "hacker"'s network instead of the public network, you would be at no additional risk.
There are things like Firesheep which can hijack sessions because authentication cookies are transmitted in plain text, even though the actual login was encrypted. This is poor design on the website's part, and as you say, you can be at risk whether you're on a hacker's wifi or a public one.
There are potentially more sophisticated hacks that could go on, such as spoofing DNS to make it look like you're connecting to your bank, when you're really connecting to a fake site designed to steal your password. Browsers have some safeguards against this, but there are still vulnerabilities, not least of which is users clicking "Proceed anyways" on a giant flashing red warning screen. At this moment, I don't think attacks like this are commonplace, but all it takes is one turn-key software solution to make it a real threat. But, there are methods of performing these kinds of attacks on a public wifi which don't require the hacker to have set up their own.
I don't worry at all about connecting to public wifi for doing non-sensitive things. I am confident that my devices aren't going to be directly hacked back into, and I might not feel that way if I was running an unpatched copy of Windows. Browser session hijacking is a small concern, but the damage will really be very limited if somebody watches me browse Yelp reviews to pick a place to eat dinner. I may elect to use a VPN if I need to access genuinely sensitive sites.
Originally Posted by Doug K.
Every home wifi router I've ever owned or helped set up was open by default. Putting a default password on them would only give a false sense of security -- the default password wouldn't be very secret.
This definitely used to be the case, but now many home wifi routers seem to come with a random password enabled as the default setting. The password is typically written on the bottom of the router. And by random, it often seems to be the Ethernet MAC address, or something similar.
As to the OP, probably the best way to protect yourself is similar to other generally recommended computing advice: Make sure you have the latest security patches for your device to prevent direct hacking. When browsing, use the https:// sites whenever possible. Pay attention to warnings and errors your browser puts up, particularly unrecognized certificates for well-known sites. Don't connect to anything genuinely sensitive from an untrusted location.
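
The session-hijacking weakness described in the post above (a login that is encrypted, followed by authentication cookies sent in plain text) can be checked from the site operator's side by auditing `Set-Cookie` headers. This is an added example, not part of the original post; the header values are constructed and the cookie-name hints in `SESSION_HINTS` are an assumed heuristic.

```python
# Audit Set-Cookie headers for session cookies that can travel unencrypted.
# Assumption: cookies whose names contain these substrings carry a session.
SESSION_HINTS = ("sess", "auth", "token", "sid")

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "auth_token=xyz789; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "theme=dark; Path=/"),
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(scheme, headers):
    """Return (cookie name, issue) pairs for session cookies exposed in transit.

    scheme is "http" or "https": how the response itself was delivered.
    """
    findings = []
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # preference cookies and the like are out of scope
        if scheme != "https":
            # The cookie was already readable by anyone on the same network.
            findings.append((name, "set over plain HTTP"))
        elif "secure" not in attrs:
            # Encrypted now, but the browser will attach it to http:// requests.
            findings.append((name, "missing Secure attribute"))
    return findings


if __name__ == "__main__":
    for name, issue in audit_response("https", SAMPLE_HEADERS):
        print(f"{name}: {issue}")
```
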