For you to see this web page, your web browser asked a web server for the appropriate information, received it, and presented it to you. Do you know who owns the web server? Were there any witnesses to the transaction?
When you’re reading a blog, questions such as these are generally irrelevant, but that changes when you visit your bank account online. Similarly, in a corporate environment, access credentials and trade secrets are compromised if unfriendly eyes can see network activity.
A Man-in-the-Middle attack involves a hostile computer placing itself in the line of communication between your computer and the other computer, and impersonating each to the other. It sees everything the two computers send to each other, and can either modify the content or retain it for future reference. Encryption by itself wouldn’t solve the problem, because each of the legitimate computers would be carefully ensuring the privacy of its communication with that hostile computer.
Note that the hostile computer can be a pseudo-computer within a legitimate one. All it takes is the wrong software.
When using a web browser, the first step in protecting yourself is to ensure that when you are entering or viewing sensitive information, your web browser is using a secure protocol. You can do this by looking at the address bar. Do not proceed if you see http:// before the web site name. If, on the other hand, you see https://, your web browser has established an encrypted connection and, if using certain web browsers, has ascertained that the other computer is a web server belonging to the owner of the website.
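The following is an added illustration, not part of the original article, of the two points above: an encrypted exchange with no identity check still leaves each side sharing its key with the computer in the middle, and checking the other side's identity is what exposes the substitution. It uses a toy Diffie-Hellman key exchange; the parameters, function names and the fingerprint comparison are assumptions constructed for this example and are far too weak for real use.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, constructed for illustration only.
P = 2**127 - 1   # a Mersenne prime, much too small for real traffic
G = 3

def keypair():
    """Return (private, public) for one side of the exchange."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, their_pub):
    """Derive the encryption key from the shared Diffie-Hellman secret."""
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def fingerprint(pub):
    """Short digest of a public value, comparable over a trusted channel."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

def exchange(intercepted):
    """Simulate one key exchange in memory and report what each side holds."""
    c_priv, c_pub = keypair()      # your computer (the browser)
    s_priv, s_pub = keypair()      # the other computer (the web server)
    if intercepted:
        m_priv, m_pub = keypair()  # hostile computer in the line of communication
        seen_by_client, seen_by_server = m_pub, m_pub
    else:
        seen_by_client, seen_by_server = s_pub, c_pub
    client_key = session_key(c_priv, seen_by_client)
    server_key = session_key(s_priv, seen_by_server)
    return {
        # Do the two legitimate computers actually share one key?
        "same_key": client_key == server_key,
        # Identity check: is the key the client received really the server's?
        "identity_ok": fingerprint(seen_by_client) == fingerprint(s_pub),
        # Can the middle computer derive the key the client encrypts with?
        "middle_reads_client": intercepted
        and session_key(m_priv, c_pub) == client_key,
    }

if __name__ == "__main__":
    print("direct     :", exchange(intercepted=False))
    print("intercepted:", exchange(intercepted=True))
```

In the intercepted run both sides still complete an encrypted exchange without any error; only the identity check fails, which is the role certificate verification plays behind https://.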
It is vital that such websites are disallowed in a corporate environment. Software such as BrowseControl can effectively eliminate such threats and enforce IT policies regarding choice of web browsers and email clients.
Be wary of any WiFi signal that is unexpectedly strong, such as at a significant distance from your home router, or unexpectedly weak, such as in close proximity to it. A hacker may be using their computer to emulate the router.
Don’t use any WiFi hotspot unless you can identify the owner.