So, apparently they didn't break full SHA-1, only SHA-0 and a reduced-round version of SHA-1. Interestingly, I heard tonight from a security researcher that when SHA-1 was being designed, the NSA suggested a minor tweak, without which full SHA-1 would be vulnerable to this attack.
This is alternately heartening and scary. It's heartening, obviously, because it shows that the NSA basically does want civilians to have good security. It's scary because it means that the NSA foresaw the possibility of this weakness a decade ago, which puts them a decade ahead of the combined might of the entire civilian cryptographic research community.