FlyerTalk Forums - View Single Post - Phishing has now discovered FF miles.....
Jul 23, 2011 | 6:28 am
  #6  
KenF
 
Join Date: Sep 2001
Location: Wirral, UK
Programs: BA-Gld, BD Lifetime Gld, LH Pleb, *Wd GPG, HH-Dmd, Amex: can take their Cent card and <CENSORED>
Posts: 756
Originally Posted by captaindomon
This advice will not work if the infection is just doing key logging. The key log will just show an incorrect password followed by the correct credentials.
Agree totally! However the article describes a situation where the user's browsing activity is being re-directed to a fake version of a legitimate airline website, either via a trojan on the local machine hijacking the DNS requests, or, by extension (presumably) via any one of the long and varied list of DNS hijack technologies that are in use.

Originally Posted by uszkanni
This advice is really not very good. Any decent hacker's fake website will pass on whatever you type to the real one and display whatever the real site would display; all the while logging your userid and password. Hackers don't want to do anything that will alert you to their activity and they are very, very clever.
Not sure if I agree quite so much here, there are various risks and problems with doing this in the real world, and the effort of doing a pass-through of the credentials to the real site probably isn't worth it for the (sadly) small number of people who would notice the difference. I agree Hackers ain't stupid, but they do understand the 80-20 rule, and they also don't like generating traffic that makes them look suspicious.

However, zooming out from the original threat (which is more of a general concern, as once the illicit hacking market has discovered the value of FF miles, you can be sure that they will be coming up with many many more ways of trying to fool us!), here is a full set of security advice, some or all of which may be useful dependent on your level of paranoia:

If at all possible, always use your own device to access the internet whilst you are away from your own controlled environment. Take sensible security precautions dependent on the device in question (i.e. anti-virus/anti-malware for Windows/Mac-OS machines, sensible security model for Linux machines - don't log in as root and browse the internet, and use of common sense for other devices - don't download dross onto your working tablet/phone). If you absolutely have to use a shared/lounge/hotel/cafe PC, then only use either one-time or two-factor authentication, and, even then, consider carefully the risk/benefit ratio, as these types of login are still subject to MITM attacks as ably described by uszkanni.

If at all possible, use your own, trusted means to access the internet when doing things that require sensitive logins - 3G Dongles are pretty cheap these days, and are a lot more secure than WiFi networks, and often a lot cheaper than the hotel internet service too....

Have a healthy scepticism of shared use WiFi networks - especially in areas where you do not expect them. Fake WiFi Hotspots and DHCP and DNS hijacking attacks mean that you can very easily have your traffic intercepted or redirected. In a perfect world, you should only use a "public" internet connection to establish a VPN connection back to a known trustworthy server, and then all of your traffic (DNS included!!) should go via this server. Sadly, we don't live in a perfect world, so the best alternative advice is to only use secure protocols to connect via insecure networks, check certificates for secure websites and do not ignore security warnings from your browser.

Consider using extensions like NoScript for Firefox that block all attempts to remotely execute code via the web. True, they make the web a bit more complicated to use, but, really, do you want every website in the world to be able to run scripts on your local machine??

For myself, I carry a netbook (that runs Ubuntu), use a 3G dongle for network access in the UK and NZ, do secure access to my local network via SSH tunnels (mutually authenticated by public/private key), and have ....... and NoScript installed and active by default. One of these days I'll go over to either one-time or 2-factor logins, when I've found a solution I like (probably not SecurID, given the recent bad publicity).

At a time when we're being forced by airlines to do more and more on the web, it's a real shame that sat in an airport or hotel is probably one of the least secure environments to be doing it in.....

Willard the Bear - Checking E-Mail? Airline Websites? I have a flunky to do that kind of thing for me!