An Indian certificate authority in the Microsoft root of trust has been caught issuing fake Google subdomain certificates that would allow nearly undetectable eavesdropping on “secure” connections to services like Google Docs. Read the rest
See the original post:
Fake Google subdomain certificates found in the wild