There’s a nasty new security threat making waves on the web. Actually, clickjacking, as this attack is known, isn’t entirely new, but because no one has yet come up with an effective solution, it remains a serious threat. And clickjacking is the worst sort of security risk — it’s transparent to the unwitting user, simple to implement and difficult to stop.
The basic idea is that an attacker loads the content of an external site into the site you’re visiting, sets the external content to be invisible and then overlays the page you’re looking at. When you click a link you see on the current page, you are in fact clicking on the externally loaded page and about to load pretty much whatever the attacker wants.