Following Comodo’s improper issuance of certificates to sites such as Google, we have now been made publicly aware of the same thing happening at the Certificate Authority diginotar.nl. A certificate for *.google.com was issued, and it appears that the recipient is the Iranian government. It is currently unclear why this certificate was issued, but based on first-hand reports it is clear that the intention is to use it for a Monkey in the Middle (MITM) attack. Firefox will issue an update shortly that will disable this Certificate Authority to prevent the attack, but in the meantime this can be done manually by following the instructions found here.

If you are an Internet Explorer user, you can remove the DigiNotar certificates using these instructions:

  1. On the Tools menu of Internet Explorer, click Internet Options.
  2. On the Content tab, click Certificates.
  3. On the Trusted Root Certification Authorities tab, click the appropriate certificate, click Remove, and follow the instructions on your screen.
  4. On the Intermediate Root Certification Authorities tab, click the appropriate certificate, click Remove, and then click Yes.
  5. Click Close, click OK, and then restart Internet Explorer.
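
The same Windows certificate stores that the steps above open through Internet Explorer can be audited from PowerShell. The script below is an added example, not part of the original post: it assumes the CA's certificates carry the string "DigiNotar" in their Subject or Issuer, and its optional `-Distrust` switch copies matches to the Disallowed store, which is a different technique from the removal described in the steps.

```powershell
# Added example: audit the Windows certificate stores for DigiNotar entries.
# Assumption: the CA's certificates carry "DigiNotar" in Subject or Issuer.
param(
    [string]$Pattern = 'DigiNotar',   # name to match (assumed; not a thumbprint list)
    [switch]$Distrust                 # also copy matches to the Disallowed store
)

# Root = "Trusted Root Certification Authorities", CA = intermediate CAs.
$stores = 'Cert:\CurrentUser\Root', 'Cert:\CurrentUser\CA',
          'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA'

$found = foreach ($path in $stores) {
    Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $path
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
                Cert       = $_          # keep the object for the optional step below
            }
        }
}

if (-not $found) {
    Write-Output "No certificates matching '$Pattern' in the checked stores."
    return
}

$found | Format-Table Store, Subject, Thumbprint, NotAfter -AutoSize

if ($Distrust) {
    # A certificate in the machine's Disallowed ("Untrusted Certificates") store
    # causes Windows to reject chains through it. Requires an elevated prompt.
    $disallowed = New-Object System.Security.Cryptography.X509Certificates.X509Store('Disallowed', 'LocalMachine')
    $disallowed.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try {
        foreach ($entry in $found) { $disallowed.Add($entry.Cert) }
    } finally {
        $disallowed.Close()
    }
    Write-Output "Copied $(@($found).Count) certificate(s) to LocalMachine\Disallowed."
}
```

This only covers the Windows stores used by Internet Explorer; Firefox keeps its own certificate store and is not affected by it.
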

I am told that Chrome will also be issuing an update to remove this CA, but in the meantime you can remove the DigiNotar certificates using the instructions found here.

This attack appears to be primarily aimed at Iranian citizens and activists, so if you are in Iran please use extra caution as this certificate has been in the wild for some time. It is recommended that you change passwords to your Google accounts as soon as possible.