maravis.com

Recently DigiNotar, a Netherlands based certificate authority, suffered a breach. This resulted in the forging of more than 200 SSL certificates, including Google, Yahoo, Mozilla, WordPress, etc. What is the impact of this breach?

A lot of popular websites like Twitter and Facebook use HTTPS for the login page, but switch to regular HTTP for the subsequent pages. This can result in session hijacking attacks where an someone else on the same network may be able to view all the traffic (including your photos and posts).

Twitter has had to reset the passwords to some of its users after they noticed some anomalous usage. The number of followers for a couple of accounts grew fast enough to trigger an investigation.