Surf Jack.

I had been in contact with Sandro from enablesecurity a couple of times before, but the last time I talked with him he presented a very interesting concept that I hadn't seen before. He called it: Surf Jacking, HTTPS will NOT save you [1]. Well, what can I say, given the DNS mayhem that has been going on lately, this is another hot coal that should be understood by everyone in the security industry before attackers start to use it in the wild.

Watch the video by Sandro Gauci from enablesecurity demonstrating Surf Jack:

Surf Jacking Gmail demonstration from Sandro Gauci on Vimeo.

[1] http://enablesecurity.com/2008/08/11/surf-jack-https-will-not-save-you/
source: OWASP News