Dear god is that article rife with errors. Almost every declarative statement made is incorrect.
This is someone looking for a sensational response without taking the time to wonder if the people reading the article, at least here on HN, are ready to call him out on his bullshit.
I've been doing IP networking since the early 90s and I didn't find anything new in this article, except false claims. Also, many attacks weren't as advanced as I would have assumed.
Btw, with Windows 3.0, Trumpet Winsock allowed you to directly snoop IP traffic as well as packet content. So there's nothing new with it either.
I also worked in a networking department monitoring network issues, and it was painfully clear that anyone who used telnet to access a bank was easily monitored (of course). The best thing was that banks didn't offer any other alternatives back then, except traditional POTS modems, which were just being replaced by IP networking.
Oh boy did I laugh about the firesheep news, it was so obvious and an over-15-year-old trick.
I was naturally expecting this post to contain information on how to MitM HTTPS and SSH sessions. Yes, users are stupid, and they might continue accessing services and logging in, even if the cert isn't valid. In addition to that, they could have listed tips on how to create your own cert authority and create "self signed" certs for every site being accessed with HTTPS. We're currently doing that in a corporate environment. The only thing you need to arrange is to use AD to get devices to trust this new cert. When you access facebook.com you'll get a valid https connection with a cert signed by IT. Yes, we can also eavesdrop on and virus-monitor https connections, of course.
I'm sure there are many guys who have much more to add to this short list of what can be done.
Often with high security sites we opt to trust a predefined exact public key fingerprint instead of any "publicly" signed cert. Because we all know the problems with official publicly signed certs and authorities.
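The pinning the comment above describes, trusting an exact public key fingerprint rather than any CA-signed certificate, is the standard countermeasure to a locally installed interception CA: a certificate minted by the corporate CA carries a different public key, so the pin fails even though the chain validates. The following is an added example, not code from the thread or from any project named in it. It parses just enough DER to pull the SubjectPublicKeyInfo out of an X.509 certificate, computes the HPKP-style `sha256/` pin over it, and compares against an operator's pin list. The certificate it checks is a constructed, unsigned dummy built inline (the key bits are filler bytes, not a real key), so the example runs offline; in practice `cert_der` would be the DER leaf from `ssl.SSLSocket.getpeercert(binary_form=True)`.

```python
import base64
import hashlib

# --- minimal DER helpers (X.509 uses single-byte tags, which is all this handles) ---

def der_len(n):
    """Encode a DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der(tag, body):
    """Encode one DER TLV element."""
    return bytes([tag]) + der_len(len(body)) + body

def read_tlv(buf, pos):
    """Decode the TLV header at buf[pos]; return (tag, value_start, value_end)."""
    tag = buf[pos]
    first = buf[pos + 1]
    if first < 0x80:
        length, header = first, 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        header = 2 + nbytes
    start = pos + header
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + length

def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo TLV of an X.509 certificate."""
    tag, pos, _ = read_tlv(cert_der, 0)          # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a certificate SEQUENCE")
    tag, pos, _ = read_tlv(cert_der, pos)        # tbsCertificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("bad tbsCertificate")
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                              # optional [0] EXPLICIT version
        pos = end
    for _ in range(5):                           # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)        # subjectPublicKeyInfo ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("bad subjectPublicKeyInfo")
    return cert_der[pos:end]

def spki_pin(spki_der):
    """HPKP-style pin string: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return "sha256/" + base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def check_pin(cert_der, pins):
    """True only if the certificate's public key matches one of the pinned fingerprints."""
    return spki_pin(extract_spki(cert_der)) in set(pins)

# --- constructed dummy certificate (not a real or signed certificate) ---

OID_RSA_ENCRYPTION = der(0x06, bytes([0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01]))
OID_SHA256_RSA = der(0x06, bytes([0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B]))

def _name(common_name):
    """Name ::= SEQUENCE OF SET OF { OID commonName, UTF8String }."""
    attr = der(0x30, der(0x06, bytes([0x55, 0x04, 0x03])) + der(0x0C, common_name.encode()))
    return der(0x30, der(0x31, attr))

# SPKI with filler key bits; long enough to exercise long-form DER lengths.
SAMPLE_SPKI = der(0x30, der(0x30, OID_RSA_ENCRYPTION + der(0x05, b""))
                  + der(0x03, b"\x00" + bytes(range(256)) + bytes(64)))
_TBS = der(0x30, der(0xA0, der(0x02, b"\x02"))                     # version v3
             + der(0x02, b"\x01")                                 # serialNumber
             + der(0x30, OID_SHA256_RSA + der(0x05, b""))          # signature algorithm
             + _name("Example Test CA")                            # issuer
             + der(0x30, der(0x17, b"230101000000Z") + der(0x17, b"330101000000Z"))
             + _name("bank.example")                               # subject
             + SAMPLE_SPKI)
SAMPLE_CERT = der(0x30, _TBS + der(0x30, OID_SHA256_RSA + der(0x05, b""))
                  + der(0x03, b"\x00" + bytes(128)))               # filler signature

if __name__ == "__main__":
    pinned = [spki_pin(SAMPLE_SPKI)]
    print("pin:", pinned[0])
    print("matches pinned key:", check_pin(SAMPLE_CERT, pinned))
    print("matches some other key:", check_pin(SAMPLE_CERT, ["sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="]))
```

Pin the key, not the certificate: a renewed certificate with the same key keeps the pin valid, and keeping a backup pin for a key held offline avoids locking yourself out when the leaf key rotates.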
I will agree with you that it is sensational and a bit irresponsible, but there weren't any glaring inaccuracies. The only novel information in the article was that Wifi devices leak all their past access points to anyone -- if that statement is indeed true (and who knows how many devices it's true for) (edit: apparently the technique has been around since at least 2006). The rest of it was a very basic tutorial on how to snoop on unencrypted traffic, which is usually not something people who have to read a tutorial on it should be doing.
To be honest, the article isn't really all that wrong or sensationalist - It's a little bit simplified in some spots but for the most part is an accurate depiction of how simple it is to perform man-in-the-middle attacks on the unsuspecting with a device running Karma.
I'm not sure which exact points of the article your parent poster has an issue with, though, so I can't rebut his arguments.
The first paragraph is relatively straightforward - just posting to HTTPS isn't enough. Your login form has to be HTTPS too, and not mixed-mode. Inject a javascript keylogger into your login form which you served over HTTP? Don't mind if I do.
The rest of the article is just a tutorial on how to get to the point where you can do something like that, by using the Pineapple.
Yes, Karma does actually work like explained in the article, and yes, clients will connect to any AP running Karma or a similar implementation, and it will do it for the exact reason he stated: They will broadcast the SSIDs they 'remember'. Once they're connected to your AP, well, you're on the path between them and anything they try to visit. That's pretty much the definition of being a man in the middle.
The article doesn't go too deep into what you can do and simply mentions that you can take a look at HTTP traffic -- If you can look at it, you can modify it on the fly. If you can do that you can spin up something like SSLstrip[0], or drop in a java driveby or... well, anything you can imagine doing to traffic on the wire.
Note that the pineapple is not the only device that can do this. There's all sorts of things like the expensive and super sneaky Pwn Plug[1] to something like a hand-made minipwner[2] which you can put together with $30 and a bunch of spare time.
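The first point in the comment above, that posting to HTTPS is not enough if the login page itself or any script on it arrives over HTTP, is easy to check mechanically. The following is an added example, not code from the thread or from any tool it mentions. It scans a page's HTML for forms holding a password field and flags the three conditions the comment describes: the page itself delivered over plain HTTP (so the form markup can be rewritten on the wire), a form action that does not resolve to HTTPS, and a script loaded over HTTP into an otherwise HTTPS login page. The page URLs and HTML snippets are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _LoginPageScanner(HTMLParser):
    """Collect forms (resolved action, whether they contain a password field)
    and externally loaded scripts from one HTML document."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self.scripts = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self._form = {"action": urljoin(self.page_url, a.get("action", "")),
                          "has_password": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            if a.get("type", "").lower() == "password":
                self._form["has_password"] = True
        elif tag == "script" and a.get("src"):
            self.scripts.append(urljoin(self.page_url, a["src"]))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def audit_login_page(page_url, html):
    """Return a list of findings for the page; an empty list means nothing was flagged."""
    scanner = _LoginPageScanner(page_url)
    scanner.feed(html)
    page_https = urlsplit(page_url).scheme == "https"
    login_forms = [f for f in scanner.forms if f["has_password"]]
    findings = []
    for form in login_forms:
        if not page_https:
            findings.append(f"login form delivered over plain HTTP from {page_url}: "
                            "its markup can be rewritten in transit")
        if urlsplit(form["action"]).scheme != "https":
            findings.append(f"login form submits credentials to non-HTTPS action {form['action']}")
    if login_forms and page_https:
        for src in scanner.scripts:
            if urlsplit(src).scheme != "https":
                findings.append(f"mixed content: script {src} loaded over HTTP into an HTTPS login page")
    return findings

# Constructed samples (hypothetical hosts) covering the cases discussed above.
HTTP_PAGE = ("http://bank.example/login",
             '<form action="https://bank.example/auth" method="post">'
             '<input name="user"><input type="password" name="pass"></form>')
MIXED_PAGE = ("https://bank.example/login",
              '<script src="http://cdn.example/tracker.js"></script>'
              '<form action="/auth" method="post"><input type="password" name="pass"></form>')
CLEAN_PAGE = ("https://bank.example/login",
              '<script src="/static/app.js"></script>'
              '<form action="/auth" method="post"><input type="password" name="pass"></form>')

if __name__ == "__main__":
    for label, page in (("http page", HTTP_PAGE), ("mixed", MIXED_PAGE), ("clean", CLEAN_PAGE)):
        print(label, "->", audit_login_page(*page) or "ok")
```

The HTTP_PAGE sample is exactly the case the comment calls out: the action is HTTPS, so the credentials travel encrypted, but the form that collects them was served in the clear and could have been altered before it reached the browser.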
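The Karma behaviour the comment describes (an access point that answers whatever SSID a client probes for) leaves a clear signature in the air: one BSSID sending probe responses for many unrelated network names. The following is an added example, not code from the thread or from any device it names. Given a list of observed 802.11 management frames, it groups the SSIDs each BSSID has claimed, flags any BSSID that answered at least `threshold` distinct names, and lists the client addresses whose remembered networks that BSSID impersonated. The frame list is a constructed sample; a real monitor would feed it from a capture tool.

```python
from collections import defaultdict

# Constructed sample frames: (frame kind, transmitter address, SSID).
# Three clients each probe for a different remembered network; one BSSID answers all of them.
SAMPLE_FRAMES = [
    ("probe-req",  "aa:bb:cc:00:00:01", "HomeWifi"),
    ("probe-resp", "00:11:22:33:44:55", "HomeWifi"),
    ("probe-req",  "aa:bb:cc:00:00:02", "Airport_Free"),
    ("probe-resp", "00:11:22:33:44:55", "Airport_Free"),
    ("probe-req",  "aa:bb:cc:00:00:03", "CoffeeShop"),
    ("probe-resp", "00:11:22:33:44:55", "CoffeeShop"),
    ("probe-req",  "aa:bb:cc:00:00:03", ""),            # broadcast probe, no name leaked
    ("beacon",     "66:77:88:99:aa:bb", "CorpGuest"),
    ("probe-resp", "66:77:88:99:aa:bb", "CorpGuest"),
]

def ssids_claimed(frames):
    """Map each BSSID to the set of SSIDs it has advertised or answered for."""
    claimed = defaultdict(set)
    for kind, addr, ssid in frames:
        if kind in ("probe-resp", "beacon") and ssid:
            claimed[addr].add(ssid)
    return claimed

def find_karma_like(frames, threshold=3):
    """BSSIDs answering for at least `threshold` distinct SSIDs, sorted for stable output."""
    return sorted(bssid for bssid, names in ssids_claimed(frames).items()
                  if len(names) >= threshold)

def exposed_clients(frames, bssid):
    """Clients whose probed SSIDs were answered by the given BSSID."""
    answered = ssids_claimed(frames).get(bssid, set())
    clients = {addr for kind, addr, ssid in frames
               if kind == "probe-req" and ssid in answered}
    return sorted(clients)

if __name__ == "__main__":
    for bssid in find_karma_like(SAMPLE_FRAMES):
        print(bssid, "answers for", sorted(ssids_claimed(SAMPLE_FRAMES)[bssid]))
        print("  clients whose remembered networks it impersonated:", exposed_clients(SAMPLE_FRAMES, bssid))
```

The broadcast probe with an empty SSID in the sample is the behaviour you want from clients: devices that only send broadcast probes, or that require the real network's beacon before connecting, do not hand an impersonating AP a list of names to answer. The threshold is a tuning knob; legitimate multi-SSID APs exist, so the corroborating signal is the match between the answered names and what nearby clients just probed for.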