Hi,

I've read the Intercept's writeup[1], and read through Citizen Lab's writeup[2]. I'm having trouble understanding the attack surface, and how widely applicable the vulnerability is.

Are MS and Google targeted because of their ubiquity, or is there also something (besides not using HTTPS) that they did to make their services vulnerable?

How can there be a remote code vulnerability so low in the stack that it can be injected at the packet level, but high enough that TLS encryption foils the attack? Does this affect Windows only? Through particular browsers?

I'm certainly up for using this as an argument for how difficult it is to predict the severity and creativity of MITM attacks, but I would like to better understand the magnitude of the disclosure.

Thanks,
Eric

[1] https://firstlook.org/theintercept/2014/08/15/cat-video-hack/
[2] https://citizenlab.org/2014/08/cat-video-and-the-death-of-clear-text/

--
https://konklone.com | https://twitter.com/konklone