So, this post basically says that a hotel injects "white boxes" that could contain ads in a website when you use their free WiFi.
If one uses free WiFi, whether it is the hotel's or a Starbucks' access point, he/she should be aware that the access point cannot be trusted anyways and not only that, but also that every other user of the same WiFi might read all unencrypted traffic (which might be the more serious threat).
I guess in 2012 everyone should have a certain awareness around these things and the simple solution is to visit only HTTPS-sites from a free WiFi access point (and don't ignore the browser's SSL-warnings, if they happen to occur) or use your own (encrypted) VPN.
I planned on doing the same thing but allowing completely free wifi access across a whole city. The content injection was the simplest hurdle. Offering free wifi (the plan was to use local businesses and offer them free advertising) was the problem as every telecom company we talked to literally revised their TOS to exclude allowing charging customers for internet use. Also force ssl as content injection will not do a MITM or at least it really should not..
LOL amirite guyz? ssh -D 8080; then uhhhh set up your browser settings to proxy through local host 8080. amirite? Oh hey while were at it, use wireshark to sniff for a mac address and then clone yer machine to have someone else's mac address. this is old news. amirite?
If one uses free WiFi, whether it is the hotel's or a Starbucks' access point, he/she should be aware that the access point cannot be trusted anyways and not only that, but also that every other user of the same WiFi might read all unencrypted traffic (which might be the more serious threat).
I guess in 2012 everyone should have a certain awareness around these things and the simple solution is to visit only HTTPS-sites from a free WiFi access point (and don't ignore the browser's SSL-warnings, if they happen to occur) or use your own (encrypted) VPN.