Am I reading your output correctly, or are you saying that Verisign US is vulnerable? Or is this just humor?
The reality seems to be that only RapidSSL and FreeSSL are practically vulnerable; of the small subset of CAs that will sign with MD5, they're the two that will sign predictably; the others randomize the serial number field.
Moreover, this is an exceedingly hard vulnerability to exploit. Sotirov's team not only had a cluster of PS3s running custom code optimized to quickly find MD5 collisions, but were also working with a new academic result on collision-finding that has not yet been published.
OK, if you're right about the serial number part, that is great. All I did was export the CA certs in my Firefox install and then run a quick program on all the files to extract the signature algorithm.
Anyhow, the program you want to check this out is Firefox itself: Preferences -> Advanced -> Encryption -> View Certificates -> Authorities -> "View" -> Details.