Wednesday, August 31, 2011

Hackers acquire Google certificate, could hijack Gmail accounts

The conceptual problem is that PKI rests on trust in the companies that issue certificates (certificate authorities, or CAs). When there were few CAs and they did their job, everything was fine. As the number of certificates issued increased, CAs started to outsource their work to resellers and to lower their costs by automating certificate issuance. So this kind of problem will happen again and again.

Read the story and today's official statement (which proves my words: if the computer issuing the certificates had not been connected to the network, the trouble would not have happened).
