Both of these tools don’t go into most of the problems that we were able to overcome, because they weren’t working with our original idea - they took it and built their own based off the idea (despite what the press releases claim) which can be proven by the fact that I’ve been talking about this publically for months and have been working on it for most of this year. Oh well… at least the rest of the world knows the truth. I’m not really into conspiracy theories, but read SPI’s paper (the first paragraph) and then read Jeremiah’s talk overview and tell me that idea is legitimately theirs. It’s a little disheartening that security companies are stealing ideas. As if we don’t have enough actual bad guys to battle. Alas.
Anyway, despite the immaturity going on, this is a really exciting time for cross site scripting, as we are uncovering all sorts of new practical applications for it. I see this as a doorway project, that will lead to all sorts of interesting development in cross site scripting malware. I, for one, am excited!