Nope, I sure haven't. However, ARP poisoning is one method of establishing a man-in-the-middle attack.
Basically the attacking machine convinces both sides that the MAC of the attacking machine is the Client / AP/Server that the other is trying to communicate with. It does this by "poisoning" the ARP cache with the attacker's MAC.
So that's (likely) the "poison" reference.
The 169.254 addresses are provided by (at least) Microsoft when DHCP fails.
Check to see if the client you were using has a wireless MAC of 00:13:ce:e3:40:6c (STA = Station), STA [00:13:ce:e3:40:6c, 0.0.0.0] = MAC and current IP address of that station.
SPA = Single Packet Authentication - Here's a link for a Google search, pick a link or two that you trust and read all about it.
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GWYA,GWYA:2005-06,GWYA:en&q=secure+packet+authorization
Sorry I don't have a specific answer, but perhaps (given that you know exactly what the setup was/is), you can piece something together.
Good Luck
Scott