A slice of context: neither Sotirov nor Appelbaum would bank their reputations on a publicity stunt; they're both well-respected.
Is it SSL? Then why does the redacted text say "even so-called secure..."? Is it a JS/DOM issue? Then what's the word "infrastructure" doing there?
I'm feeling mildly Thawte about this. The attack was impractical before, exploits known weaknesses, but is possible now that [redacted], and leaves a criminal in possession of something. Known weaknesses that haven't been probed well feels maybe RNG-y. Maybe you can request a zillion personal Thawte certs and bust a pool of entropy.