Hacker News
Three vulnerabilities every web application developer should know about (catonmat.net)
55 points by andreydrak on July 18, 2008 | 12 comments



If you want to get more hands-on familiar with these, I used to be an administrator at hackthissite.org. It's a site that has hacking "missions" which let you try to get in the shoes of the cracker. It was very helpful for me in learning about things like SQL injections and XSS.

http://hackthissite.org


You should also look at the XSS cheat sheet

http://ha.ckers.org/xss.html


Thanks for this link! I added it to the article!


This post is really epsilon from linkjacking.


What do you mean?


99.999% of the content of this submission is in a link from the article submitted itself, and the article itself has only the barest familiarity with the topic ("XSSI but no XSS?").

I'm glad it was submitted, but we should vote and comment on the Google TechTalk itself. I just submitted it.


I am glad to hear your opinion.

Not everyone has an hour to watch the lecture. I have been blogging about video lectures in this style for a while now, and I have received quite a few emails thanking me for providing sum-ups of the videos.

I was also very surprised at the time of submission that he talked about XSSI but did not cover XSS! Only later did I add a paragraph about XSS! Sorry about that.


Ok, guy with the linkjacked summary of a Google TechTalk? XSSI is XSS.


Oh! I was talking about static XSS then! The example Neil gave in his talk was about dynamic XSS. I thought XSSI meant that and "XSS" meant this - http://www.cgisecurity.com/articles/xss-faq.shtml


"is a PhD from Stanford" vs. "has a PhD from Stanford"

connotations...


Thanks! I changed it to "has a PhD from Stanford".


I enjoyed the talk - thanks for the post!



