brendan
Posts: 531 | Thanked: 79 times | Joined on Oct 2006 @ This side of insane, that side of genius
#7
one of the first exploits i read about was walking into a starbucks and setting up a fake AP to get PCs to think your laptop was the AP.

this was done by running something like kismet to get BSSID and ESSID of the AP, and then forging your MAC address to be identical to the real AP. then with an injected mass de-auth packet, you can then begin to steal the traffic from the AP, as the PCs/laptops begin to reacquire their connections. with this going on, it is expected that the PCs/laptops begin to broadcast keys associated with the AP, and if people are VPN'd into work you may be able to cull the key for that too.

it seems that some script kiddies are growing up, and their ruses are getting more intelligent
__________________
Nokia n800
OS 2008
Pharos iGPS 360-BT
ElmScan 5 BlueTooth
BlackBerry Bold (9000)
AT&T Wireless
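Added example, not part of brendan's post: a monitoring-side check for the two signs the post describes, a burst of broadcast de-auth frames from an AP's BSSID and beacons for that same BSSID coming from what looks like a second transmitter. The frame tuples, MAC addresses, ESSIDs, thresholds and function names are all constructed for illustration; a real sensor would fill the same fields from captured management frames.

```python
from collections import defaultdict

BCAST = "ff:ff:ff:ff:ff:ff"
AP, OTHER = "02:00:00:aa:bb:01", "02:00:00:aa:bb:02"   # constructed BSSIDs

# Constructed sample: (time_s, frame_type, bssid, essid, channel, rssi_dbm, dest)
FRAMES = (
    [(t, "beacon", AP, "CoffeeShop", 6, -62, BCAST) for t in (0.0, 0.1, 0.2)]
    + [(t, "beacon", OTHER, "Bookstore", 11, -70, BCAST) for t in (0.05, 0.15)]
    # one unicast de-auth: normal client management, should not be flagged
    + [(5.0, "deauth", OTHER, "Bookstore", 11, -70, "02:00:00:cc:00:09")]
    # six broadcast de-auths in half a second carrying the AP's BSSID
    + [(10.0 + i * 0.1, "deauth", AP, "CoffeeShop", 6, -36, BCAST) for i in range(6)]
    # same BSSID now beaconing on another channel, much stronger signal
    + [(t, "beacon", AP, "CoffeeShop", 1, -35, BCAST) for t in (10.7, 10.8)]
)

def deauth_bursts(frames, window=1.0, threshold=5):
    """BSSIDs that sent >= threshold broadcast de-auths within `window` seconds."""
    times = defaultdict(list)
    for t, ftype, bssid, _essid, _chan, _rssi, dest in frames:
        if ftype == "deauth" and dest == BCAST:
            times[bssid].append(t)
    flagged = set()
    for bssid, ts in times.items():
        ts.sort()
        for i in range(len(ts) - threshold + 1):
            if ts[i + threshold - 1] - ts[i] <= window:
                flagged.add(bssid)
                break
    return flagged

def cloned_bssids(frames, rssi_gap=20):
    """BSSIDs whose beacons suggest two radios: >1 channel or a wide RSSI split."""
    chans, rssis = defaultdict(set), defaultdict(list)
    for _t, ftype, bssid, _essid, chan, rssi, _dest in frames:
        if ftype == "beacon":
            chans[bssid].add(chan)
            rssis[bssid].append(rssi)
    return {b for b in chans
            if len(chans[b]) > 1 or max(rssis[b]) - min(rssis[b]) >= rssi_gap}

def evil_twin_suspects(frames):
    """Alert only when both indicators agree on the same BSSID."""
    return deauth_bursts(frames) & cloned_bssids(frames)

if __name__ == "__main__":
    print(sorted(evil_twin_suspects(FRAMES)))
```

Requiring both indicators keeps a single unicast de-auth or an AP that legitimately changes channel from raising an alert on its own.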