security Chinese Certificate Authority 'mistakenly' gave out SSL Certs for GitHub Domains

[Kate]

A Chinese certificate authority (CA) appeared to be making a significant security blunder by handing out duplicate SSL certificates for a base domain if someone just has control over its any subdomain.

The certificate authority, named WoSign, issued a base certificate for the Github domains to an unnamed GitHub user.

But How? First of all, do you know, the traditional Digital Certificate Management System is the weakest link on the Internet today and has already been broken?

Billions of Internet users blindly rely on hundreds of Certificate Authorities (CA) around the globe to ensure the confidentiality and integrity of their personal data.
...

Source: http://thehackernews.com/2016/08/github-ssl-certificate.html