Matt Green, himself no cryptographic slouch, says this is the biggest crypto story of the year: malware that included a new cryptanalytic result in its toolset. Zero-day vulnerabilities are somewhat common in malware; zero-day crypto results in malware are practically unknown.
It's scary to think that one day length-extension attacks, misusing cipher modes, and other crypto related attacks might be as common as XSS and SQL injections.
the day where we have a deep enough understanding of computer science for that sort of attack innovation to be the baseline would be a pretty amazing future (and one which is pretty unlikely to happen I think)
