Gaming Foursquare With 9 Lines of Perl 84
caffeinemessiah writes "With the recent launch of Facebook Places, the rise to prominence of Foursquare and GoWalla, and articles in the New York Times about the increasing popularity of 'checking in' to locations using GPS-enabled mobile phones, a number of businesses are wondering how to reward frequent patrons. But exactly how susceptible are these 'location based services' to being abused? A researcher at the University of Illinois at Chicago shows how easily Foursquare can be gamed in 9 Perl statements, and invites readers to submit more succinct versions of the code to game the system."
An anonymous reader contributes a link to a similar article about spoofing Facebook Places to create an alibi.
Great idea. (Score:1, Insightful)
> NOTE: To get this script to work, you must replace XXXXXX with the Base64
> encoded version of "email/phone:password", so base64("john@doe.com:mypassword").
> Here's Google's top ranked site for online Base64 encoding.
Yeah, what should go wrong by running your email/password-combo through a server-side Base64 encoder.
So wait... (Score:5, Insightful)
Did any body else catch that the Foursquare API has you sending your username and password in the clear?
Please tell me you can do all this on port 443 and that your phone is using SSL.
That said, I love it!