In fairness, the CBC oracle was by some margin the most widely exploited vulnerability in cryptography prior to our challenges. I credit us a little bit with popularizing the BB'98 RSA padding oracle, though, which is similarly prevalent.
Do you consider HMAC-SHA1 to still be secure for the foreseeable future? Or do you know of something that can get close to breaking it? It seems to be quantum-resistant too.