me.yahoo.com vs. open.login.yahooapis.com?

So I use Persona via Yahoo! all the time for an app I'm developing, and for the first time just saw this error in the Persona signing flow dialog box:

"This is probably not the site you are looking for!
You attempted to reach open.login.yahooapis.com, but instead you actually reached a server identifying itself as me.yahoo.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of open.login.yahooapis.com.
You should not proceed, especially if you have never seen this warning before for this site.
Proceed anyway  Back to safety
 Help me understand"

Did Yahoo! change something?  or Persona?  or....?

tnx
0
Peter
7/17/2013 10:12:40 PM
mozilla.dev.identity

ps - hitting "back to safety" has the signin dialog box showing "back to yahoo" for what seems like forever.
FYI.
0
Peter
7/17/2013 10:20:57 PM
Woohoo! Yahoo is sending the wrong SSL cert for their OpenID endpoint.

This is awesome.

Tracking in https://github.com/mozilla/browserid/issues/3676

Thank you so much for the heads up.

-Callahad


On 7/17/13 5:12 PM, Peter Lieberwirth wrote:
> So I use Persona via Yahoo! all the time for an app I'm developing, and for the first time just saw this error in the Persona signing flow dialog box:
>
> "This is probably not the site you are looking for!
> You attempted to reach open.login.yahooapis.com, but instead you actually reached a server identifying itself as me.yahoo.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of open.login.yahooapis.com.
> You should not proceed, especially if you have never seen this warning before for this site.
> Proceed anyway  Back to safety
>   Help me understand"
>
> Did Yahoo! change something?  or Persona?  or....?
>
> tnx
>


0
Dan
7/17/2013 10:34:25 PM
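The mismatch diagnosed above (the client asks for open.login.yahooapis.com, the certificate names me.yahoo.com) can be caught by a monitoring check before users see the browser warning. The following is an added example, not code from the thread or from Persona: the function names are hypothetical, the certificate name lists are constructed samples, and the matcher is a simplified RFC 6125-style comparison for illustration only.

```javascript
// Added illustration. Certificate name lists below are constructed samples.

// Compare one certificate dNSName against the host the client asked for.
// A "*" is honoured only as the whole leftmost label and covers exactly one label.
function matchesDnsName(host, pattern) {
  const h = host.toLowerCase().replace(/\.$/, '').split('.');
  const p = pattern.toLowerCase().replace(/\.$/, '').split('.');
  if (h.length !== p.length) return false;
  return p.every((label, i) => {
    if (label === '*') return i === 0 && p.length >= 3 && h[0] !== '';
    return label !== '' && label === h[i];
  });
}

// Report whether any presented name covers the requested host.
function checkEndpoint(requestedHost, presentedDnsNames) {
  const matched = presentedDnsNames.filter((n) => matchesDnsName(requestedHost, n));
  return { requestedHost, ok: matched.length > 0, matched };
}

// Hypothetical monitoring wrapper: one alert line per endpoint that fails.
function alertsFor(observations) {
  return observations
    .map((o) => ({ ...o, result: checkEndpoint(o.host, o.names) }))
    .filter((o) => !o.result.ok)
    .map((o) => `MISMATCH requested=${o.host} presented=${o.names.join(',')}`);
}

// Constructed observations (the real certificates' contents are not in the thread).
const observations = [
  { host: 'open.login.yahooapis.com', names: ['me.yahoo.com'] },          // the reported case
  { host: 'open.login.yahooapis.com', names: ['*.yahooapis.com'] },       // wildcard is one label short
  { host: 'open.login.yahooapis.com', names: ['*.login.yahooapis.com'] }, // covered
  { host: 'me.yahoo.com', names: ['me.yahoo.com', '*.yahoo.com'] },       // covered
];

console.log(alertsFor(observations).join('\n'));
```

Production clients should rely on the TLS library's built-in hostname verification; a check like this belongs in external monitoring of endpoints you depend on.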
Thanks for the quick response.  Good luck...

On Wednesday, July 17, 2013 3:34:25 PM UTC-7, Dan Callahan wrote:
> Woohoo! Yahoo is sending the wrong SSL cert for their OpenID endpoint.
>
> This is awesome.
>
> Tracking in https://github.com/mozilla/browserid/issues/3676
>
> Thank you so much for the heads up.
>
> -Callahad
>
> On 7/17/13 5:12 PM, Peter Lieberwirth wrote:
> > So I use Persona via Yahoo! all the time for an app I'm developing, and for the first time just saw this error in the Persona signing flow dialog box:
> >
> > "This is probably not the site you are looking for!
> > You attempted to reach open.login.yahooapis.com, but instead you actually reached a server identifying itself as me.yahoo.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of open.login.yahooapis.com.
> > You should not proceed, especially if you have never seen this warning before for this site.
> > Proceed anyway  Back to safety
> >   Help me understand"
> >
> > Did Yahoo! change something?  or Persona?  or....?
> >
> > tnx
> >

0
Peter
7/17/2013 10:43:54 PM
On 7/17/13 5:34 PM, Dan Callahan wrote:
> Tracking in https://github.com/mozilla/browserid/issues/3676

Yahoo is aware of the problem, but after > 90 minutes of downtime, we've 
decided to disable the Yahoo bridge and authenticate users via our fallback.

We'll re-enable the bridge once Yahoo resolves the issue on their end.

Thank you,
-Callahad

0
Dan
7/18/2013 12:09:32 AM
On 7/17/13 7:09 PM, Dan Callahan wrote:
> On 7/17/13 5:34 PM, Dan Callahan wrote:
>> Tracking in https://github.com/mozilla/browserid/issues/3676
>
> We'll re-enable the bridge once Yahoo resolves the issue on their end.

Yahoo has resolved the issue. We've re-enabled the identity bridge.

Thank you,
-Callahad


0
Dan
7/18/2013 5:46:06 AM
So, I'm able to use Persona/Yahoo! successfully again.  In the course of debugging an unrelated problem I opened Chrome Dev tools console and noticed I'm seeing this error message:

"Unable to post message to https://yahoo.login.persona.org. Recipient has origin https://login.persona.org."

on I think every page refresh.  Am I doing something wrong, or is this left over from the Yahoo! issue, or?

Here is a screenshot of the chrome dev tools console error message:

https://www.dropbox.com/s/3i9af3xaezavo9t/Screen%20shot%202013-07-20%20at%2011.31.39%20AM.png
0
Peter
7/20/2013 6:40:26 PM