If you are a Mozilla Firefox user and wish to delete the cert, please see this post:
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
This is the first known thread that mentioned the posting:
http://www.google.co.uk/support/forum/p/gmail/thread?tid=2da6158b094b225a&hl=en
Microsoft also posted a prompt response:
Microsoft Releases Security Advisory 2607712
http://blogs.technet.com/b/msrc/archive/2011/08/29/microsoft-releases-security-advisory-2607712.aspx
Google responded in the following statement:
Today we received reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it).
Obviously it goes without saying, this is huge… somehow I missed this with my hectic work schedule. If you are like me and use an Android
OK, so it looks like the CA, DigiNotar, somehow issued this and others without permission from Google.
SSL Certificate Scandal Exposes Bug in Mac OS X
http://securitywatch.pcmag.com/apple/287205-ssl-certificate-scandal-exposes-bug-in-mac-os-x
But you can configure your software to remove trust for particular certificates yourself. This is what user Seth Bromberger tried to do by removing trust of all DigiNotar certificates on his Mac using the Keychain software. Afterwards he tested by surfing to DigiNotar’s site and should have received warnings, but he didn’t.
The problem turns out to be that if a site uses an EV-SSL (Extended Validation SSL) certificate, Keychain will ignore the fact that the user has marked it as untrusted.
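A quick way to check whether a trust store still lists a DigiNotar certificate after you remove it, as an added example that is not from any of the posts linked above. It reads the list that Python's `ssl.SSLContext.get_ca_certs()` returns; the function names are hypothetical and the sample store, including its serial numbers, is constructed.

```python
import ssl

def rdn_values(name):
    """Flatten ssl's nested ((('key', 'value'),), ...) name into its values."""
    return [value for rdn in name for _key, value in rdn]

def find_ca_by_name(ca_certs, needle="DigiNotar"):
    """Return [(serialNumber, [fields that matched])] for every cert dict whose
    subject or issuer mentions `needle` (case-insensitive)."""
    needle = needle.lower()
    hits = []
    for cert in ca_certs:
        matched = [field for field in ("subject", "issuer")
                   if any(needle in v.lower() for v in rdn_values(cert.get(field, ())))]
        if matched:
            hits.append((cert.get("serialNumber", "?"), matched))
    return hits

def audit_default_store(needle="DigiNotar"):
    """Run the check against the CA certificates Python's default context loads."""
    return find_ca_by_name(ssl.create_default_context().get_ca_certs(), needle)

def _name(org, cn):
    """Build a name in the same nested-tuple shape get_ca_certs() uses."""
    return ((("organizationName", org),), (("commonName", cn),))

# Constructed sample store (placeholder serials, not real certificates):
# a self-signed root, a CA issued by that root, and an unrelated root.
SAMPLE_STORE = [
    {"serialNumber": "00AA01", "subject": _name("DigiNotar", "DigiNotar Root CA"),
     "issuer": _name("DigiNotar", "DigiNotar Root CA")},
    {"serialNumber": "00AA02", "subject": _name("Example Services", "Example Services CA"),
     "issuer": _name("DigiNotar", "DigiNotar Root CA")},
    {"serialNumber": "00AA03", "subject": _name("Example Trust", "Example Trust Root"),
     "issuer": _name("Example Trust", "Example Trust Root")},
]

if __name__ == "__main__":
    print("sample:", find_ca_by_name(SAMPLE_STORE))
    print("this machine:", audit_default_store())
```

An empty result only covers the store Python loads; Firefox keeps its own store, and the Keychain bug quoted above shows that a trust setting is not always what the software enforces.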