Problems with digital certificates are troubling, but they're hard for hackers to exploit. That's because even when hackers can issue a fake digital certificate -- one saying that a server set up for phishing is Gmail.com, for example -- they still need to trick their victims into visiting that server and believing it really is Gmail. For that to happen, the bad guys must take control of their victims' DNS (Domain Name System) software too, using what's known as a man-in-the-middle attack.
But someone seems interested in doing this. Security experts say that when DigiNotar was hacked in July, the hackers issued themselves hundreds of fake digital certificates for domains including google.com, mozilla.com, yahoo.com and torproject.org.
On Sunday, Google said just such an attack had been launched against users of its Gmail service, primarily targeting users in Iran.