A major vulnerability exists in the current wifi standard known as WPS (Wifi Protected Setup), and is exploitable using open-source code that is easily available to anyone. The flaw allows someone running that code to crack most, if not all (more on this in a second), wifi routers using WPA/WPA2 encryption, such that they can recover the passphrase even if the owner subsequently changes it. Essentially, this gives them access to your network, including the abiity to access the internet through your network as well as see all traffic flowing thru. This is about as bad as it gets.
EDIT: I should add that WPS is a required feature of routers to be accredited. This doesn't mean that all routers have it, but most of them do.
The good news: you can easily disable WPS on most common routers.
The bad news: Some routers either you can't disable, or they stay enabled in spite of what the manufacturer claims is the disabling procedure. Even worse, some routers can actually be bricked by someone trying to break in using this approach.
A list of routers and their vulnerabilities can be found here:
If your router is vulnerable and it can be disabled, do it. Instructions for doing this are easy to find. If it can't be disabled, get yourself a new router. Apple's airport routers are notable as a major brand that isn't vulnerable to this attack. I'm somewhat alarmed that a bigger deal isn't being made of this. Prompting this screed is the fact that a good friend of mine, a doctor, mentioned to me that one of his partners in his practice is using the Reaver code to steal internet services from two separate tenants who rent from him (he lives in a triple decker and rents out two of the floors) as he has a serious jones for downloading movies. If this guy is doing it, you can bet lots of others are too.
Edited by TomTerrific, 25 February 2012 - 11:39 PM.