By now, all but the most geriatric Web users know about phishing. Usually it takes the form of a seemingly-official email from a bank or other money-related Web service. Most of the time these attacks are painfully obvious -- but what if you removed the email attack vector? What if you removed those daft give-away URLs? What if the phishing attack was pure, seemingly-benign JavaScript that's invisible to all but the most judicious of Web users? That's exactly what 'tabjacking' does. Open Aza Raskin's proof of concept in a new tab. Admire the sample code. Now, change tabs, wait five seconds, and then watch in horror as his site seemingly becomes GMail. Malicious JavaScript injection isn't a new thing -- and this particular exploit only works in Firefox (and partially in Chrome) -- but you have to admit it's pretty damn scary. It's certainly only a matter of time until workarounds are found for the other browsers -- and the implications when com...