Yeah I saw it yesterday.  I kinda want to try it out and see how easy it is to crack, but will have to wait until people leave the house in case I break their Internet!

Yeah, not a fan of jail hayabusa!

I tried this at home with a spare Linksys router - it was scarily easy. What made it worse was that the Linksys lets you think you've turned WPS without really doing so. That is, I turned WPS off, ran Reaver, and it still cracked my WPS PIN and WPA2 password in under 3 hours.

In my limited experience, Reaver is easier to use and more successful than cracking WEP with no client attached (which I've been unsuccessful in even though my target router is just in the next room.) And Reaver v1.4 comes with a tool called wash that allows you to scan your local area for WPS enabled routers. There wasn't a single router in my local area with WPS off.

One thing I found though was running Reaver caused a DoS on my primary wi-fi router, even though I'd turned the txpower way down. The significant other was not pleased.

AFAIK, Linksys/Cisco are the only ones that don't actually turn WPS off (while letting you think you did). And they've been really slow in coming out with patches. The other brands (e.g. Netgear) actually do turn it off (confirmed). Another plus is that it takes a pretty strong signal to succeed. I asked my neighbor two houses over to plug in my router and Reaver failed in that case.

The sad fact is less than 10% of the routers in my neighborhood use WPA/2 in the first place. Most use WEP and one or two have no authentication at all. Still, for smaller companies the WPS vulnerability could be exploited and cause serious harm.