Clickjacking is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
Combine clickjacking with the Flash Player Setting Manager page (http://www.macromedia.co
I reported the vulnerability to Adobe through the Stanford Security Lab, but they didn't respond for a few weeks, so I decided to post about it on my blog. It made headlines in CNET, Wired, The Register, Ars Technica, Gizmodo, etc. and so Adobe was forced to quickly fix it (which they did in less than 2 days). You can read the full explanation on my blog here: http://www.feross.org/web
Keep in mind: I discovered this vulnerability in just a few hours, while procrastinating on studying for my final exams. That means I had no profit motive (I did this because I was curious) and limited resources (I just viewed the source code of Adobe's website).
Therefore, people with more resources and more to gain (like criminals and national government agencies) certainly know about similar or better vulnerabilities.
I used to think that people who put tape over their webcams were just paranoid or weird. After I discovered this vulnerability, that changed. :) Now I use the tape trick as well.