Nine fake SSL certificates have been issued for fraudulent websites posing as domains for high-profile sites. The certificates were issued for mail.google.com, login.live.com and three different ones for login.yahoo.com. The attack appears to be nation-state sponsored, most likely out of Iran, Comodo says. Experts say the certificates could still be in use, possibly in stealthy, one-off attacks. They could be used to spy on citizens via Google, Yahoo mail, Skype, Microsoft, and Mozilla websites.”]