It looks to me the attack either wasn't that pervasive, or the solution wasn't that thorough:
Sullivan's team rapidly coded a two-step response to the problem. First, all Tunisian requests for Facebook were routed to an https server. The Https protocol encrypts the information you send across it, so it's not susceptible to the keylogging strategy employed by the Tunisian ISPs.
Https would still be suceptible to keylogging. I won't detail how the attack would be laid out (wouldn't want to inspire potential attackers ;) ), but https won't protect from a keylogging javascript being attached to the login page by an ISP. Do your research on MIM attacks if anyone wants to find out.
So, either the solution won't work, or the attack wasn't as cleverly implemented.
And let me say which one it is: both.
I've just inspected facebook's login page, and it transmits passwords in the clear (in a POST request), protected only by a MIM-vulnerable https implementation. Yet, the article says facebook reports that their workaround "seems to work". It would only work if the attack was poorly implemented.
