SSL is supposed to protect web users by encrypting data. When it comes to trusting an SSL certificate, web browsers rely on trusted certificate authorities (CAs) that validate the authenticity of a given SSL certificate.
But what happens when a CA issues a fraudulent SSL certificate?
This week, certificate authority DigiNotar was found to have issued a fraudulent SSL certificate for *.Google.com. The wildcard certificate could have enabled an attacker to spoof any HTTPS-secured Google domain. Though advisories from browser vendors came out this week, DigiNotar admitted today that it has been aware of the issue for more than a month.