Wi-Fi security: how do you defend against this?

[Joshua Judson Rosen]

I ran across this interesting Wi-Fi toy/assault-weapon online a while ago:

    <http://wifipineapple.com/>

    Most wireless devices including laptops, tablets and smartphones
    have network software that automatically connects to access points
    they remember. This convenient feature is what gets you online
    without effort when you turn on your computer at home, the office,
    coffee shops or airports you frequent. Simply put, when your
    computer turns on, the wireless radio sends out probe
    requests. These requests say "Is such-and-such wireless network
    around?" The WiFi Pineapple Mark IV, powered by Jasager -- German
    for "The Yes Man" -- replies to these requests to say "Sure, I'm
    such-and-such wireless access point - let's get you online!"


Sort-of... scary, isn't it? Especially given how little information
is given in the modern Wi-Fi connection-management GUIs about the
identity of the *access points*, how would you go against protecting
yourself against something thing like this?

Everyone makes such a big deal out of `Wi-Fi security' in terms of
*making users authenticate to the APs*, but it seems we've totally
ignored the problem of *making APs identify/authenticate to the users*.
When I've my colleagues, "How do you know that that AP is actually
*your* (safe) AP, and not just someone else posing as your AP?",
and the initial response is always "Because my password works,
I guess...".

I'm really interested in this, now; and it looks like these guys
are still running `holiday special' (basic unit, plus some nice
accessories like a battery-back and carrying-case, for not much
more than the normal price of just the basic unit), so I just
ordered one. If it's all it's cracked up to be, it should make
an interesting `sparring partner'.

-- 
"Don't be afraid to ask (λf.((λx.xx) (λr.f(rr))))."