Security researchers have discovered a counterfeit web certificate for Google.com circulating on the internet that gives attackers the encryption keys needed to impersonate Gmail and virtually every other digitally signed Google property.
The forged certificate was issued on July 10 to digitally sign Google pages protected by SSL, or secure sockets layer. It was issued by DigiNotar, a certificate authority located in the Netherlands. The forged certificate is valid for *.google.com, giving its unknown holders the means to mount transparent attacks on a wide range of Google users who access pages on networks controlled by the counterfeiters.
Google and Mozilla have responded to the forgery by preparing updates to Chrome, Firefox and other software programs that take the highly unusual step of blocking all certificates issued by DigiNotar while the forgery is being investigated.
This one apparently was used by the Iranian government. DigiNotar is used by the Dutch government for a lot of their (legit) certificates; it’ll be interesting to see which parts of the government are hit by these emergency patches.