What’s interesting about this case – and what leads to the title above – is not so much what went wrong, but rather, what went right. You see, this bogus certificate was detected, and likely not because some good samaritan reported the violation. Rather, it was (probably) detected by Google’s unwavering surveillance.
- Mathew Green, on Google detecting fake SSL certificates in “Surveillance works! Let’s have more of it”