<div>
I'm submitting the first page of the certificate as a picture.<a href="https://filedb.experts-exchange.com/incoming/2012/09_w36/601596/Yahoo-Certificate---1.png" target="_blank" title="First portion of Yahoo certificate (55 KB)"><img alt="First portion of Yahoo certificate" class="file-block lazyload" style="max-width: 387px;" data-src="https://filedb.experts-exchange.com/incoming/2012/09_w36/601596/Yahoo-Certificate---1.png" /></a>
</div>


I'm submitting the first page of the certificate as a picture.First portion of Yahoo certificatehttps://filedb.experts-exchange.com/incoming/2012/09_w36/601596/Yahoo-Certificate---1.png

Yahoo-Certificate---1.png

<div>
Here is a screen shot of more information<a href="https://filedb.experts-exchange.com/incoming/2012/09_w36/601597/Yahoo-Certificate---2.png" target="_blank" title="More of the certificate (54 KB)"><img alt="More of the certificate" class="file-block lazyload" style="max-width: 365px;" data-src="https://filedb.experts-exchange.com/incoming/2012/09_w36/601597/Yahoo-Certificate---2.png" /></a>
</div>


Here is a screen shot of more informationMore of the certificatehttps://filedb.experts-exchange.com/incoming/2012/09_w36/601597/Yahoo-Certificate---2.png

Yahoo-Certificate---2.png

<div>
No definitive answer, but I appreciate the lead.
</div>


No definitive answer, but I appreciate the lead.

<div>
<div class="content wysiwyg-content">
All of a sudden, when the client is trying to sign onto Yahoo to get email, they see a &quot;This Connection is Untrusted&quot; warning. They used Firefox on Mac, signed onto Yahoo, then clicked on the Mail link on the Yahoo home page.<br />
<br />
The key phrases they see are:<br />
<br />
login.yahoo.com uses an invalid security certificate.<br />
<br />
The certificate is only valid for login.yahoo.net<br />
<br />
(Error code: ssl_error_bad_cert_domain)<wbr /><br />
<br />
<br />
Is this an exploit? &nbsp;<br />
<br />
<br />
Thanks.<br />
<br />
<br />
Larry
</div>
</div>


All of a sudden, when the client is trying to sign onto Yahoo to get email, they see a "This Connection is Untrusted" warning. They used Firefox on Mac, signed onto Yahoo, then clicked on the Mail link on the Yahoo home page.

The key phrases they see are:

login.yahoo.com uses an invalid security certificate.

The certificate is only valid for login.yahoo.net

(Error code: ssl_error_bad_cert_domain)


Is this an exploit?  


Thanks.


Larry

Yahoo Connection is Untrusted - get warning at login.yahoo.com

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Network Security

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.