The NYT has a summary of new information about the DigiNotar hacking incident that has come to light over the past week:
Attackers who hacked into a Dutch Web security firm have issued hundreds of fraudulent security certificates for intelligence agency Web sites, including the C.I.A., as well as for Internet giants like Google, Microsoft and Twitter, the Dutch government said on Monday.
They're pointing fingers at the government of Iran. Bogus certificates were issued for sites operated by Yahoo, Facebook, Microsoft, Skype, AOL, the Tor Project, WordPress, and by intelligence agencies including Israel's Mossad and Britain's MI6.
There is much speculation that the attack was intended to compromise and surveil activists in Iran. In Wired News, Kim Zetter points out that DigiNotar has been criticized "for not disclosing the breach earlier to browser makers or the companies, like Google and Yahoo, who have had their digital certificates commandeered."