In the wake of Moxie Marlinspike s SSL talk at Black Hat this summer, another security researcher has used the technique described in the talk to create and publish a valid wildcard certificate and private key that could be used to fool browsers into believing a site is legitimate when it is in fact a fake. Such a certificate could be quite useful for attackers interested in setting up a fake online banking site or similar scam. A vulnerable browser would recognize the certificate as being valid and it would be up to the user to look for inconsistencies.
Source: https://threatpost.com/researcher-publishes-valid-wildcard-ssl-certificate-093009/72259/