Another thing regarding Hamster/Ferret below...
Using SSL doesn't always protect against this kind of attack. See here for
examples...
SSL is not always complete. A good example is Gmail. In theory, using the HTTPS version of Gmail should protect you by going to https://mail.google.com/mail, but this doesn't work as you think. The JavaScript code uses an XMLHttpRequest object to make HTTP requests in the background. These are also SSL encrypted by default - but they become unencrypted if SSL fails.
When you open your laptop and connect to a WiFi hotspot, it usually presents you with a login page, or a page that forces you to accept their terms and conditions. During this time, SSL will be blocked. Gmail will therefore backoff and attempt non-SSL connections. These also fail - but not before disclosing the cookie information that allow hackers to sidejack your account.