On March 23, 2011, the Certification Authority Comodo announced it had mis-issued 9 SSL Certificates to high-profile websites including:
* login.live.com
* mail.google.com
* www.google.com
* login.yahoo.com (3 certificates)
* login.skype.com
* addons.mozilla.org

The Certificates were issued through one of its unnamed Registration Authority (RA) Partners, which had been given transferable trust rights to issue publicly trusted SSL Certificates.
The fraudulent Certificates have since been revoked; however, due to the high-profile nature of the mis-issued Certificates, Microsoft, Google and Mozilla have issued browser updates to hardcode the revocation status of the Certificates into the browsers. We advise all GlobalSign customers to update their browsers immediately.
This is a very serious compromise of unprecedented scale. As further details unfold, our security group will publish a full statement. However, we wish to strongly reiterate that this is a completely standalone attack on the Comodo systems. GlobalSign wishes to confirm to all customers, partners and the industry as a whole that GlobalSign is not affected by the Comodo compromise.
More information:
* http://www.computerworld.com/s/article/9214998/Firm_points_finger_at_Iran_for_SSL_certificate_theft
* http://www.computerworld.com/s/article/9215036/Delay_in_disclosing_SSL_theft_put_Iranian_activists_at_risk_says_researcher