[pfg]

It has been fixed according to the article:

> In 9 March, 2016 During my research I was able to replicate the attack and issue valid certificates without verifying the ownership of the website which I will explain later in my post, the vulnerability was reported and fixed within hours.

[josteink]

This post needs to be higher up in the thread, and not people overreacting and demanding having them removed from browser's CA-stores etc.

[sdca]

It's absolutely not an overreaction if it really happened. However, no hard evidence has been presented yet. I'm seeing screenshots and a story that anyone could have cooked up.