If I connect through a VPN, how easy is it for someone with access to the server to sniff out my traffic/passwords? I know from using tools like backtrack that man-in-the-middle attacks routinely capture SSL passwords.
What do you guys know/think?
Well, I think the encryption does keep other people's noses from seeing your password, but not in all cases though. There is a MITM attack which fools both client and server and makes them think that they have successfuly exchanged the 'keys', which is obviously public.
But at the end of the day, we use SSL encrypted connection for all the confidential stuff like email and online banking/payments, and how many times have one been compromised?
Also, many VPN operators themselves use 128-bit or more/less encryption and they may not have access to decrypt it. So it's best you use reputed and largely used service as it would reduce the chances for any such thing to really happen.
I does SSL really protect my data going to and from the VPN server? I've seen tools like yamas parse FB, Yahoo and Gmail passwords with ease.
VPN only protects your data between your computer and the VPN server. If one has access to the VPN server this person also can access your unencrypted data going out of the VPN server.