Im wondering too since there are payment services out there, like bitpay that accept payments with zero confirmations. I wonder how they would handle if such a transaction would be cancelled.
I imagine it can work as long as the miner, who gets two transactions for the same coins, takes the transaction with the higher fee. But i dont know if miners have a routine for that at all.
So i would be interested to know if it works too. Though they seem confident about it.
What BitUndo advertises is something called a "race attack":
http://en.bitcoin.it/wiki/Double-spending#Race_attackMost pools use the standard reference client which accepts the first transaction received rather than the one with the highest fee. What BitUndo does differently is it chooses the one with the higher fee instead. Someone who wishes to execute a double spend attempt can push two transactions at the same time with one transaction having a higher fee than the other. If the next block is mined by BitUndo, the transaction with the lower fee is then invalidated and never included in the blockchain.
The chances of this attack succeeding depends on whether or not the next block is mined by BinUndo. If BitUndo's pool becomes more popular, then it's likely that businesses which accept zero confirmation transactions will have to change their practices. I'm not sure if it's already done but gambling sites, for example, might only honor withdrawals after the initial deposits have been confirmed. Fortunately, BitUndo is a tiny pool with a tiny hashrate and is therefore responsible for a tiny percentage of total blocks mined so the risk for businesses is still quite small.