Lock up your Googles! A forged certificate has been detected that can allow hackers to get into just about any Google account you can think of, including Gmail.

From the Telegraph:

The “man in the middle” attack also further undermines general confidence in the Secure Sockets Layer (SSL), a security protocol used to authenticate all kinds of sensitive internet traffic, including online banking. SSL certificates are meant to act as an independent third party to verify that communication between a website and a browser are secure.

The forgery appears to be based in Iran. This issue casts a light on the pretty weird and highly byzantine system of certifications and who is authorized to issue them. Short answer: dozens of places you wouldn’t expect, many are holdovers from the early days of the web. Since these certificates are what verify identity on the web, a lot of people think there need to be fewer issuing authorities that could be more easily managed.