AirDefense likes to rub it in: At the current RSA Conference, an event devoted to understanding and improving secure communications and systems, AirDefense found 623 Wi-Fi enabled notebooks and mobile phones on day one, of which 56 percent were configured to automatically log on to commonly named Wi-Fi network. They found seven rogue networks, two of which masqueraded as the official conference network, and one even had a forged security certificate--which must mean a server-side certificate that handles 802.1X authentication.
Update: AirDefense shot me an updated note about this. On day two of the conference, they detected 847 networks, 481 of which (57 percent) were open to evil twins. On day two, they also saw a spike in DoS (denial of service) attacks--85 of them. This included using CTS (clear to send), which forces other stations to hold off transmissions; deauthentication, forcing clients to reconnect; and jamming.
Later update: On Feb. 9, AirDefense released more information, noting that they spotted 1,137 of 2,017 wireless devices at the conference that could have been compromised. Many clients leaked information that would have allowed later off-line password cracking or network replay for access on their home corporate networks. AirDefense also noted 10 percent of laptops had unpatched software or disabled firewalls.