As of the time of my writing this, I have not seen or heard anything about this. Sorry. I don't happen to use OpenDNS personally, so this issue didn't effect me. However, I do usually keep an eye on all of the daily IT security news stories, and while I have seen headlines about an attack against Google using a forged Google SSL certificate, an attack against the Mozilla add-ons site once again using a forged SSL certificate, a "devastating" bug discovered that leaves the Apache web server open to DoS attacks, etc., I have not seen anything specifically about OpenDNS. However, it was noted in one of the articles that I read that a list of 247 SSL certificates issued by the company DigiNotar was recently blacklisted in the Chrome, Internet Explorer, and Firefox browsers because it was found that DigiNotar was the company behind the issuing of the compromised SSL certificates used in the recent attacks against Gmail, Google Docs, other Google services, and addons.mozilla.org.
According to one
article that I read:
The breach of DigiNotar gave the attackers the digital credentials needed to host spoofs of virtually any Google property that were almost indistinguishable to people using networks controlled by the hackers. The fraudulent certificate showed it was issued on July 10, but it came to light only on Monday. Google hasn't said how long the counterfeit certificate was actively being used in the wild.
This is just speculation on my part, but since these recent forged SSL certificate attacks seem to have targeted multiple heavy-traffic web services such as GMail, the Mozilla add-ons site, Yahoo!, the Tor Project, WordPress, and Baladin, possibly OpenDNS was yet another company that was effected by all of the compromised certs and they just silently fixed the problem and not reported it? *shrugs* Hopefully some news about what actually happened to OpenDNS will come out soon. I would be interested to learn what really happened.
