I’m sure you’ve all seen iTunes gift cards for sale in the stores this holiday season. You may also have heard that there is a bit of a security problem going around with them.
It works like so: the attacker writes down the activation number of the next card in line to be purchased. He then goes home and waits for a few days, and then tries logging into iTMS using the stolen code. If, in the meantime, a customer has purchased the card, the activation will work, and the attacker can steal the value off of the card.
Apple knows about this problem, and has a FAQ entry urging users to not buy cards with the code scratched off. If every minimum-wage cashier in the world checks these cards religiously, then it’s a perfect plan. 