I just came across this on Slashdot. It’s an excellent demo showing just how easy it is to initiate a MITM attack for websites which don’t use SSL for login. You won’t be able to follow every step because it’s a short video but if you know what you are doing it should be relatively easy. The program used is Cain.
http://www.ethicalhacker.net/content/view/182/1/