Hackers Using Bots, Scripts To Lock Down Restaurant Reservations

Nerval's Lobster writes "Forget about hacking an app or database: for a small cadre of hackers in San Francisco, it's all about writing code that can score them a great table at a hot restaurant. According to the BBC, these developers and programmers have designed bots that scan restaurant Websites for open tables and reserve them. Diogo Mónica, a security engineer with e-commerce firm Square, is one of those programmers. A self-described foodie, he decided to get around his inability to score a table at the ultra-popular State Bird Provisions by writing a script that sent out an email every time the restaurant's reservation page changed. 'Once a reservation got canceled I would get an email and could quickly get it for myself,' he wrote in a blog posting. But soon he noticed something peculiar: 'As soon as reservations became available on the website (at 4am), all the good times were immediately taken and were gone by 4:01am.' He suspected it was automated 'reservation bots at work,' built by other programmers with a hankering for fine cuisine. 'After a while even cancellations started being taken immediately from under me,' he wrote. 'It started being common receiving an email alerting of a change, seeing an available time, and it being gone by the time the website loaded.' His solution was to build his own reservation bot, using Ruby, and post the code in the wild."

On the other hand

[xevioso]

The reservation company specifically denies that this is happening or is possible.

TFA:
http://insidescoopsf.sfgate.com/blog/2013/07/25/are-automated-bots-are-making-hot-online-reservations-impossible/

Re:On the other hand

[xevioso]

The important part, which I failed to quote:

Update, 1:20pm: Urbanspoon has released a statement that reaffirms its earlier denial, and also refutes duplicate reservations and reservation fraud (though neither of those issues are technically in dispute):
"Urbanspoon’s data on State Bird Provisions’ reservations do not support the findings reported in Diogo Mónica’s post. While we will not disclose data about specific customers, we currently have processes in place to prevent duplicate reservations and combat reservation fraud. Urbanspoon’s goal is to give real diners the opportunity to make reservations. We’ve noticed that many diners will stop at nothing to get a table at the hottest restaurants in town, like State Bird Provisions , so we are constantly working on improving the overall reservations process to give all diners an opportunity to secure a table."

Re:On the other hand

[pipatron]

And of course, everyone here knows that the answer is plain marketing bullshit.

Re:Cold Pizza

[Ambvai]

Ever try a Domino's Thin Crust with Double Bacon? One of my friends in college got two of those once and, after the puking up the first one, left the second on his desk. The next day, he found the grease soaked through the pizza, its own box, the lid of the box under it, and the bottom of the box under it, sticking it solidly to the table.

Re:I guess they never heard of CAPTCHA

[al0ha]

Wrong. OCR still can't defeat reCAPTCHA - however depending on the prize there's a multitude of other ways to do it which do not involve OCR including low paid workers in third world countries being served the captcha and solving it for the automated algorithm, or in the case of Ticketmaster, where the prizes were monetarily substantial, a group of miscreants going to the trouble of databasing just about every Captcha solution they could find. One group also was able to p0wn the audio version of reCAPTCHA for a while until it was upgraded. Another group has claimed they use OCR to defeat reCAPTCHA, but have never proven that to be the case and if they can, why not prove it?

Citations:
http://en.wikipedia.org/wiki/ReCAPTCHA
http://www.wired.com/threatlevel/2010/11/wiseguys-plead-guilty/

Re:This is why we can't have nice things

[nuckfuts]

Way to keep your response on par with your nick.