[robtoo]

We don't know that they didn't get a forged certificate for ssl.google-analytics.com.

Diginotar haven't (AFAIK) released even a partial list of affected domains, other than admitting that there were quite a lot of them.

[cperciva]

Quite true. If they did get a certificate for ssl.google-analytics.com, I guess the title of my post should have been "We're paying attention to the wrong forged SSL certificate" -- the contents of the post is still valid, though.