Many of the major IT zines are running a story on this, but none I read linked directly to the paper. Here it is.

Abstract: The current IEEE 802.11 standard is known to lack any viable security mechanism. However, the IEEE has proposed a long term security architecture for 802.11 which they call the Robust Security Network (RSN). RSN utilizes the recent IEEE 802.1X standard as a basis for access control, authentication, and key management. In this paper, we present two security problems (session hijacking, and the establishment of a man-in-the-middle) we have identified and tested operationally. The existence of these flaws highlights several basic design flaws within 802.1X and its combination with 802.11. As a result, we conclude that the current combination of the IEEE 802.1X and 802.11 standards does not provide a sufficient level of security, nor will it ever without significant changes.

Available online in Acrobat PDF, 236 KB, 12 pages.

I can't help but think that the IEEE's "RSN" will soon be recast by its critics as "Real Soon Now."