Rsnake "discovered" a new type of attack called clickjacking (http://ha.ckers.org/blog/20080915/clickjacking/). He was originally going to present it at today's OWASP conference, but voluntarily kept the lid on it because of the widespread implications.
There has been a lot of discussion about what this might be, but Michel Zalewski (a Google researcher) posted a pretty detailed description (http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2008-September/016284.html) of a problem that sounds like something that would be called Clickjacking (he called it a "UI Redress" attack). Zalewski wrote Silence on the Wire (http://lcamtuf.coredump.cx/silence.shtml), which is still my favourite security book.
So yeah, if you read the first part of Zakewski's post, it's pretty interesting!