Uh, issuing a CA cert to the Egyptian company was the very definition of mis-issuing a cert!

No, the definition of mis-issuing a cert is when you issue a Google cert to someone who isn't Google. Not doing due diligence on what people to whom you've issued a cert are doing with it is a little different.

This is just semantics, though. I think everyone agrees they done bad.