Thanks for the link.... I just read it and would like to develop it further. Per the article:
1. The author gave her friend an "OK" to conduct a Wifi snooping experiment.
2. The author then connects to the public Wifi and logs onto her bank via https.
3. The friend captures her log in ID and password!
A. The friend actually set up a "rogue" Wifi network beforehand.
B. The friend also set up a "look alike" bank page beforehand.
I am thinking that in a realistic situation...
1. A "rogue" Wifi network can indeed be set up, but
2. It would be hard to fool me with a fake bank page because mine has an individualized picture. Most banking sites have two different webpages for users to log through -- with second one individualized.
But the article is invaluable -- as it goes to show that people (me) can indeed fall for, say, a lookalike Google or Facebook sign-in page, not suspecting anything different -- and expose their ID's and passwords -- because these sites don't have individualized password pages!