The major browser developers have released patches to deal with SSL certificates which were stolen from certificate authority Comodo earlier this month.
The incident began on 15 March with a hacking attack on a southern European partner of Comodo.
Nine fake SSL certificates were requested for sites, including Google, Microsoft Skype and Yahoo, and at least one was issued before the attack was detected and terminated. Comodo immediately revoked the certificates and informed the necessary parties.
The resultant activity was picked up by the Tor Project, which noticed Google's Chromium engine making changes to block the SSL certificates, followed by a full Chrome update a day later. Tor agreed to embargo the news until patches had been issued.
Comodo's chief executive Melih Abdulhayoglu told V3.co.uk that he believed the attack came from the Iranian government.
"Our security was good in that we picked up the attack and shut it down quickly, but we should have covered this threat model," he said. "We didn't, however, model for attack from a foreign government."
Abdulhayoglu identified three clues to the attacker's origin. Firstly the choice of targets was not financial companies but core internet infrastructure sites.
Secondly, in order for the certificates to be of any use, access to the domain name system infrastructure would have been required.
Finally, the attack itself did not bear the hallmarks of criminal attacks the company had experiencee with in the past. It was very well orchestrated and "too clean", according to Abdulhayoglu.
"You can't be 100 per cent certain," he said. "But if it looks like a duck, and quacks like a duck, then it probably is a duck."
But there are three times as many CDOs as there were in 2014
Companies never used to hold big launch events to announce minor upgrades, did they?
Only 35 per cent of IT decision makers regularly review their data formats
One-third of CIOs admit that their organisation has fallen victim to a security breach in the last two years
CIOs warn that companies are losing battle against cyber crime