Wireless Access Authentication seems silly

I just realized how silly the wireless access control systems. The University of Florida, for example, before you can browse the internet, you have to login with your Gatorlink which binds your identity to a MAC address. The problem is that someone can easily spoof my MAC address. It's no different than the session hijacking for HTTP. I guess that's why UF is trying to move to a VPN model. There are a lot of other campus networks who does the same thing (sadly). It is extremely surprising to realize how bad we suck when it comes to securing our infrastructure.