Re:Huh? We must not have read the same article... (Score 2, Interesting)

Well actually it's any application where interesting plaintext is sent at a known offset in the conversation over and over again.

I think that this means that HTTP Basic Auth over buggy SSL is vulnerable (in other words password protected web pages). Remember that the Auth header is sent in each and every page request, although its absolute offset in each HTTP req will vary with URI length in the GET/POST header. If this is known though...