A counterfeit SSL certificate for all Google subdomains (*.google.com) has been issued, which allows an attacker to snoop on your Gmail. It was issued by DigiNotar, a Netherlands-based certification authority, and was probably generated through stolen cryptographic keys.
This means a regular user can become a victim of a Man-in-the-Middle attack.
In this attack, an attacker sits between your computer and the Gmail server.
It diligently forwards every request and response back and forth between your computer and Gmail, but records their content along the way.
SSL certificates were designed to prevent this: the browser displays a broken lock icon when the endpoint your computer talks to can't be validated.
Because the attacker now possesses a counterfeit Google certificate that your browser trusts, you will not see a broken lock icon even when you are talking to the attacker's server and not to Gmail. So what can you do?
It's recommended to disable the DigiNotar CA root certificate in your browser. You may get a broken lock icon when you visit other legitimate sites validated by DigiNotar, but it's better to err on the side of caution.
To remove certificates from the browsers, do the following:
Internet Explorer: http://support.microsoft.com/kb/293819
Chrome: no need to do anything, as it has built-in protection
Safari: Go to Applications - Utilities and open the Keychain Access utility.
Under Keychains select System Roots, scroll down to DigiNotar Root CA, then right-click it and delete it.
NOTE: Alternatively, on a Mac you can type
sudo security delete-certificate -c "DigiNotar Root CA" "/System/Library/Keychains/SystemRootCertificates.keychain"
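Why removing the root works: a browser accepts a certificate only if its chain ends in a root present in the local trust store, so a *.google.com certificate signed by DigiNotar is accepted while that root is installed and rejected the moment it is deleted. The following Go program is an added illustration, not part of the original post: it generates a throwaway stand-in root (labelled constructed, with freshly generated keys, nothing from the real incident), issues a wildcard leaf from it, and asks Go's X.509 verifier the same question the browser asks, once with the root in the store and once without.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// buildChain creates a constructed stand-in root and the *.google.com leaf it signs, with fresh throwaway keys only.
func buildChain() (leaf, root *x509.Certificate) {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t0 := time.Now().Add(-time.Hour)
	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), NotBefore: t0, NotAfter: t0.Add(48 * time.Hour),
		Subject:      pkix.Name{CommonName: "DigiNotar Root CA (constructed stand-in)"},
		IsCA:         true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	rootDER, _ := x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	root, _ = x509.ParseCertificate(rootDER)
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), NotBefore: t0, NotAfter: t0.Add(48 * time.Hour),
		Subject:      pkix.Name{CommonName: "*.google.com"},
		DNSNames:     []string{"*.google.com"},
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, _ := x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, rootKey)
	leaf, _ = x509.ParseCertificate(leafDER)
	return leaf, root
}

// trusted answers the browser's question: with exactly these roots in the
// store, is leaf acceptable for mail.google.com (no broken-lock warning)?
func trusted(leaf *x509.Certificate, roots ...*x509.Certificate) bool {
	pool := x509.NewCertPool() // non-nil, possibly empty: system roots are NOT consulted
	for _, r := range roots { pool.AddCert(r) }
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: "mail.google.com", Roots: pool})
	return err == nil
}

func main() {
	leaf, root := buildChain()
	fmt.Println("rogue root still in store ->", trusted(leaf, root)) // true: the MITM goes unnoticed
	fmt.Println("rogue root removed        ->", trusted(leaf))       // false: unknown authority
}
```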