Web blog d'un ingénieur en sécurité informatique. IT Security watcher's blog: news, threats analysis, AV issues, PoC, IT security, bugs... Contact: philippe.vialle@wanadoo.fr
As some people and I said earlier, a few Firefox extensions could be really useful regarding the Diginotar situation.
Here is what says Certificate Patrol after a few weeks of sleep (meaning not being used; until tonight):
There is a clear warning about the fact that the renewal wasn't due yet...
But, even worse, as you can see, the Calomel extension turns now to orange! here is what it says:
A weak symetric cypher, a weak hash, and a weak key length... well the certificate is said to be genuine this time, whereas it is most likely to be less secure that the former one?
Remember: the Calomel light used to be green about GMail...!
How could this be logical? I cannot assure the connection to GMail is more secure than during the DigiNotar operation!
Update 1 (8th of September):
Google API also running after a new certificate....
Also encrypted.google.com, the one you use when you ask for "Google secured search engine":
As you can see, Equifax provided the former certificate, but also the new one. This probably means Google doesn't want to take any risk, and changes every certificate; even if the Equifax' AC was not said to be compromised AFAIK.
BTW, keep in mind that the equifax.com domain was in the list of certificate-compromised websites.
See: https://isc.sans.edu/diary.html?storyid=11500&rss
And a last one: Google Analytics:

So Google apparently changes certificates even coming from its own AC... (Google Internet Authority).
==================================================
What about Facebook? well, just have a look at the warning below, still coming from Cert Patrol:
Bye VeriSign!