I accessed "mail.yahoo.com" and got this error message saying the certificate is bad. Normally, this would be cause to panic. While lesser sites might get SSL wrong, the big sites should get it right. Therefore, if you see a certificate error at a big site like Yahoo!, you should assume somebody is trying to man-in-the-middle your connection.
However, on closer inspection, it appears that Yahoo! fouled up. It's the result of "mail.yahoo.com" incorrectly using a certificate for "login.yahoo.com".
The fact that even a large site like Yahoo! cannot get SSL is pretty damning for SSL.