RSnake "discovered" a new type of attack called clickjacking. He was originally going to present it at today's OWASP conference, but voluntarily kept the lid on it because of the widespread implications.
There has been a lot of discussion about what this might be, but Michal Zalewski (a Google researcher) posted a pretty detailed description of a problem that sounds like something that would be called clickjacking (he called it a "UI Redress" attack). Zalewski wrote Silence on the Wire, which is still my favourite security book.
So yeah, if you read the first part of Zalewski's post, it's pretty interesting!