Just to toss this in there, it totally wasn’t a bug, you were sending a deauth packet to force them to reconnect then recapturing their auth sequence until you had enough packets to crack the WEP key. A pretty fun demo back then was to setup a wireless bridge between an open public network and a rogue AP (usually we’d just use a pcmcia WiFi card bridge to the internal WiFi adapter); then (due to pretty much no https anywhere), you could follow peoples browsing habits, log into their MySpace/LiveJournal/DeadJournal/GeoCities/etc (passwords were pretty commonly passed in plaintext), etc.

It was never done nefariously, but allowed us to learn a lot.