Cutting Through the Spin of Recent Vulnerability Disclosures

The FUD surrounding the ClickJacking and TCP/IP vulnerabilities has the world seemingly frozen in fear. But once you cut through the spin, the vulnerabilities aren't all that they were made out to be.

It seems strange that two of the strongest names in Web security would be caught out hyping a set of vulnerabilities that have been known about for more than five years, but it does go to show that even in the fairly narrow field of Web security (one part of the overall Information Security sphere) it is still possible to "discover" something new that is actually several years old, and that applications can still be vulnerable to it.

As with the other partial disclosures to date, you're going to have to wait until the next round of security conferences to find out more (have you noticed a trend, yet?).

As with Kaminsky's DNS flaw that preceded them, it seems that nothing really new has been thrown up by these recent partial disclosures. What they should highlight is that more problems affecting core Internet technologies (some of which Fyodor mentions) are going to regain attention, which isn't necessarily a bad thing.

For people already well versed in the technologies being targeted, a lot of it is going to elicit the response of "well, duh, we already knew that". The reply to that is "Well, why haven't you done anything about it, then?"

Unfortunately for everyone, some of these technologies have become an essential part of our everyday existence, and there really isn't anything better out there to replace them with. Even if there were, the cost of completely replacing them would likely put the economic bailouts to shame. Others have the problem that the very feature that makes them so useful is the same one the vulnerability researchers are trumpeting as weak, and there isn't really another way to do the same thing.

To some readers this might read like some sort of mid-to-late-90s "manifesto", but fair's fair if vulnerability researchers are resurrecting old vulnerabilities from that sort of timeframe (the posturing is also eerily reminiscent of that time).


Tags: clickjacking, TCP/IP
