Nothing new - but this is a problem that the web community has ignored for a long time.
Possible counter-measures for a typical end user:
- Don't use any open wireless devices :(
- If you have to, only visit sites that support SSL for the entire session and not just the initial authentication (e.g. gmail.com)
- Use a plug-in like ForceTLS (read the documentation to understand how it works)
- If you have a work laptop, VPN into your corporate network first (and ensure that all browser requests get routed through your corporate proxy)
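
An added example (not part of the original post) of what "SSL for the entire session and not just the initial authentication" means in practice: it walks a recorded visit and reports where the session leaves SSL. The hostname, cookie name and both traces are constructed, and cookie domain/path matching is ignored for brevity.

```python
from urllib.parse import urlsplit

# Constructed traces: (request URL, response headers) for each step of a visit.
LOGIN_ONLY_SSL = [
    ("https://mail.example/login", [("Set-Cookie", "SID=abc123; Path=/; HttpOnly")]),
    ("http://mail.example/inbox", []),
]
FULL_SESSION_SSL = [
    ("https://mail.example/login", [
        ("Set-Cookie", "SID=abc123; Path=/; Secure; HttpOnly"),
        ("Strict-Transport-Security", "max-age=31536000"),
    ]),
    ("https://mail.example/inbox", []),
]


def cookie_is_secure(set_cookie_value):
    """True if the Set-Cookie value carries the Secure attribute."""
    attrs = [part.strip().lower() for part in set_cookie_value.split(";")[1:]]
    return "secure" in attrs


def audit_session(steps):
    """Return findings for one visit; an empty list means SSL covered all of it."""
    findings = []
    cookies = {}       # cookie name -> Secure flag, as the browser would store it
    hsts_seen = False  # Strict-Transport-Security only counts when sent over HTTPS
    for url, headers in steps:
        is_https = urlsplit(url).scheme == "https"
        if not is_https:
            findings.append(f"plaintext request: {url}")
            # Cookies without Secure are attached to this request in the clear.
            for name, secure in cookies.items():
                if not secure:
                    findings.append(f"cookie {name} exposed on {url}")
        for key, value in headers:
            if key.lower() == "set-cookie":
                name = value.split("=", 1)[0].strip()
                cookies[name] = cookie_is_secure(value)
                if not cookies[name]:
                    findings.append(f"cookie {name} set without Secure")
            elif key.lower() == "strict-transport-security" and is_https:
                hsts_seen = True
    if not hsts_seen:
        findings.append("no Strict-Transport-Security header seen")
    return findings


if __name__ == "__main__":
    for label, trace in (("login-only", LOGIN_ONLY_SSL), ("full-session", FULL_SESSION_SSL)):
        print(label, audit_session(trace) or "SSL covers the whole session")
```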