Clickjacking is nothing new but so far nobody really came up with a way to use it for bad things. I guess this has changed and some guys tried to present about their discovery at the OWASP (Open Web Aplication Security Project) conference in New York this month but I guess too much explosive material in it and the presentation was canceled. So what is clickjacking? It makes a user click on a link/button/etc. that is only visible for a short time or hardly visible.
I personally was thinking about this for years, ebing annoyed by Widnows behavior of switching the focus of windows, right int he middle when I was typing a password...I think most of us had that happen to us, at least sot of us power users ;-) This might not qualify as a clickjacking attack but for sure it is anoying and has resulted in at least oen of my passwords goign out via IM message to a friend.
Read more about clickjacking (or why nobody should know about the security problems associated with it) here:
http://ztrek.blogspot.com/2008/09/possible-clickjacking-security-flaws-in.html
http://ha.ckers.org/blog/20080915/clickjacking/
http://jeremiahgrossman.blogspot.com/2008/09/cancelled-clickjacking-owasp-appsec.html
1SSA - Security consulting, training and products: http://www.1ssa.net