Would this appear in the certificate chain as displayed by the browser? It frustrates me that viewing the chain is such a drilldown exercise; in Firefox 3, they added a bit of up front information to the address bar (upon click on the favicon) but then made displaying the chain itself take an extra couple of clicks. Yes, I'm paranoid, but I take a frequent gander at the certificate chain of sites I'm using. Particularly for sites I use frequently, I'll notice if something looks hinky.<p>As for http pages that request credentials (presumably transmitting these to an https URL), those piss me off to no end. To my mind, they break a basic security paradigm that had been promulgated for browser use in general: Check that the page is secure before submitting any sensitive information. Of course, I believe this only really works if you also have the https --> http transition warning enabled in the browser. I hardly see any browser installations that leave that enabled, any more. But I don't know a lot about that bit of browser functionality; maybe my understanding is wrong.
According to the following quote, the problem seems avoidable if you have an <i>https</i> login page to begin with (happily something I was planning on):<p>"<i>Marlinspike said SSLstrip is able to work because the vast majority of sites that use SSL begin by showing visitors an unencrypted page"</i>
"<i>the tool uses a proxy on the local area network that contains a valid SSL certificate, causing the browser to display an "https" in the address bar.</i>"<p>Needing a local LAN is another restriction on the attack. I usually VPN to a server when on wireless, seems that will still be OK if I put high trust in that endpoint.<p>Well, we need a lot more details here, obviously.