Moxie presented at Blackhat this year about his discovery of a vulnerability enabled by the automatization of CA certificate assignments and failures by X.509 encryption implementations to handle null bytes. Video has a recap of his last presentation and then the new stuff starts at 15min.

Blackhat Presentations Archive

Basically all the big names in browsers, SMIME mail clients, IRC clients, and VPN are vulnerable. Also, sky is falling.