
All Domains are Vulnerable
To add to the comment above: all SSL-protected domains are vulnerable because the browser only confirms that the domain/website certificate was signed by a CA it recognizes, and browsers generally recognize all CAs unless the user has gone in and removed some. By default, your browser trusts Verisign or the Chinese Post Office because both are officially recognized as certificate authorities. The trust is centralized with the CAs, who repeatedly prove themselves to be untrustworthy. CAs early on also negotiated a deal that they could not be held accountable for false positives between the user and the website: "sure, we'll say that certificate is valid for that website, but if it's not then that's not our fault" ... yet that is the very business they claim to be in. With the prices they charge for higher levels of "secure" signed certificates, it's a confidence scam at best.

What we need is a replacement like wide adoption of Convergence.IO, which places trust under the control of the user while anonymizing the user's request to the notaries. Multiple notaries must agree that a certificate is valid, so one rogue notary or even a nation state can't exploit the system; the user can just add more good notaries and/or remove the bad ones.
Posted by Neon Samurai
7th Feb 2012
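The quorum check the post describes (several independent notaries must report the same certificate before the client accepts it, and a notary that disagrees can be dropped), as an added example that is not part of the post and is not Convergence's own code. The hostname, the certificate bytes, the notary names and the quorum value are constructed assumptions; each notary's live lookup is simulated with a dictionary, and the anonymizing relay between the client and the notaries is not modelled.

```python
import hashlib
from collections import Counter
from typing import Dict, List, Optional, Tuple


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()


class Notary:
    """A notary reports the fingerprint it saw when it connected to the host
    from its own vantage point. `observed` stands in for that live lookup
    (constructed data, not a real notary)."""

    def __init__(self, name: str, observed: Dict[str, str]):
        self.name = name
        self.observed = observed

    def query(self, host: str) -> Optional[str]:
        return self.observed.get(host)


def verify_with_notaries(host: str, cert_der: bytes, notaries: List[Notary],
                         quorum: int) -> Tuple[bool, List[str]]:
    """Accept the certificate the client received only if at least `quorum`
    notaries independently saw the same fingerprint for `host`.
    Returns (accepted, names of the agreeing notaries)."""
    fp = fingerprint(cert_der)
    agreeing = [n.name for n in notaries if n.query(host) == fp]
    return len(agreeing) >= quorum, agreeing


def outlier_notaries(host: str, notaries: List[Notary]) -> List[str]:
    """Notaries whose report for `host` disagrees with the majority report.
    This is the 'remove the bad ones' step: the user can drop these."""
    reports = {n.name: n.query(host) for n in notaries}
    majority, _ = Counter(reports.values()).most_common(1)[0]
    return [name for name, fp in reports.items() if fp != majority]


# Constructed sample data (not real certificates): the genuine server cert and
# a forged one presented by an interceptor that has one rogue notary on its side.
GENUINE_CERT = b"DER-bytes-of-genuine-cert-for-example.test"
FORGED_CERT = b"DER-bytes-of-forged-cert-for-example.test"
HOST = "example.test"

NOTARIES = [
    Notary("notary-a", {HOST: fingerprint(GENUINE_CERT)}),
    Notary("notary-b", {HOST: fingerprint(GENUINE_CERT)}),
    Notary("notary-c", {HOST: fingerprint(GENUINE_CERT)}),
    Notary("rogue-notary", {HOST: fingerprint(FORGED_CERT)}),  # vouches for the forgery
]
QUORUM = 2  # the user's own choice: how many independent notaries must agree


if __name__ == "__main__":
    ok, who = verify_with_notaries(HOST, GENUINE_CERT, NOTARIES, QUORUM)
    print("genuine cert:", "accepted" if ok else "rejected", who)
    ok, who = verify_with_notaries(HOST, FORGED_CERT, NOTARIES, QUORUM)
    print("forged cert: ", "accepted" if ok else "rejected", who)
    print("disagreeing notaries to consider removing:", outlier_notaries(HOST, NOTARIES))
```

With a quorum of two, the forged certificate is rejected because only the rogue notary vouches for it, while the genuine one is accepted on three independent reports; setting the quorum to one reduces the scheme to single-point trust and the forgery passes, which is the same failure mode the post attributes to the CA model.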