response to a question about sniffing images out of thin air:
packet sniffing on open networks (no password) on unencrypted traffic (no https) is easy enough with the carnivore processing library, but re-assembling the individual files from the packets you collect is a little more involved.
just googling for etherpeg now I came across this:
not tried it, but it seems like it could pull out images easily enough.
see also airpwn which uses two wifi cards in one computer to go a step further and replace images (in their case with goatse).
there’s another project which talked about replacing the text of news stories in cafes using the same principle:
protect yourself slightly from sniffing with https everywhere from the excellent EFF.