The Register: Security researchers say that someone has been using a fake secure socket layer (SSL) certificate to impersonate secure Google websites. DigiNotar, a Dutch certificate authority, issued the faulty certificate on July 10, meaning its unknown holders have had it for more than 40 days.
The problem came to light when an Iranian Google user posted a message on a forum. “I think my ISP or my government did this attack (because I live in Iran and you may hear something about the story of Comodo hacker!)” he wrote.
In response, Google said, “While we investigate, we plan to block any sites whose certificates were signed by DigiNotar.”