Well, MD5 attacks are actually quite old news[1,2,3,4]. There even are some open source projects to help you find them[5]. Would love to hear more details on what was the breakthrough that Flame introduced.
Edit: The breakthrough that Flame introduced can be read here[8, 9]
SHA-1 is not yet broken, as MD5 is, but fortunately we are having the SHA-3[6] competition (like we had for AES[7]).
That depends when this attack was first conducted and when this variant of the cryptanalysis on MD5 was made as Marc Stevens sums up [1]:
More interestingly, the results have shown that not our published chosen-prefix collision attack was used, but an entirely new and unknown variant. Therefore it is not unreasonable to assume that the particular chosen-prefix collision attack variant underlying Flame had already been in development before June 2009. This has led to our conclusion that the design of Flame is partly based on world-class cryptanalysis.
Edit: The breakthrough that Flame introduced can be read here[8, 9]
SHA-1 is not yet broken, as MD5 is, but fortunately we are having the SHA-3[6] competition (like we had for AES[7]).
[1] http://www.springerlink.com/content/d7pm142n58853467/?MUD=MP
[2] http://www.computer.org/portal/web/csdl/doi/10.1109/CIS.2009...
[3] http://eprint.iacr.org/2010/643
[4] http://stackoverflow.com/questions/1999824/whats-the-shortes...
[5] http://code.google.com/p/hashclash/
[6] http://en.wikipedia.org/wiki/Sha3
[7] http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
[8] http://www.cwi.nl/news/2012/cwi-cryptanalist-discovers-new-c...
[9] http://news.ycombinator.com/item?id=4080240