This weekend, I had the misfortune of attending Bloc Weekend, a music festival in London that was shut down by police due to overcrowding (http://www.thecmuwebsite.com/article/bloc-weekend-shut-down-amidst-over-crowding/).
The ticket vendor, ironically named CrowdSurge, are wiping their hands clean of the incident:
"Upon release of any further information from Baselogic, in particular the refund process for which they are solely responsible, we will contact you again."
The really interesting bit for me is that there were obvious problems with the ticketing system, with the barcodes not being scanned correctly; I saw numerous people experiencing this.
I had 3 tickets, each sent to me via email. The ticket contains a barcode, which was scanned at the door. Allow me to present the HTML from the ticket below, in all its secure glory:
Now I'm not saying that CrowdSurge are solely responsible for what happened at the event, but as you can plainly see above, it's not very difficult at all to fake a ticket. Buy one, you'll have the numeric sequence, print numerous, arrive early, you're in.
Obviously the barcode image URLs need to be protected by unguessable ids with some sort of brute-force velocity checking, not just a URL that you can pass any number into and get a valid barcode in return.
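One way to implement the fix described above, as an added example that is not CrowdSurge's code or taken from the ticket: barcodes are looked up by a random 128-bit token instead of a number, and a client that keeps requesting tokens that do not exist is throttled. The class name, thresholds, client identifiers and order ids are assumptions made for the illustration.

```python
import secrets
import time
from collections import defaultdict, deque


class BarcodeService:
    """Maps unguessable tokens to tickets and throttles clients that guess."""

    def __init__(self, max_misses=5, window_seconds=60.0, clock=time.monotonic):
        self._tickets = {}                 # token -> ticket record
        self._misses = defaultdict(deque)  # client -> times of failed lookups
        self.max_misses = max_misses
        self.window = window_seconds
        self._clock = clock

    def issue(self, order_id):
        # 128 bits from the OS CSPRNG: one ticket's token says nothing
        # about the token of any other ticket.
        token = secrets.token_urlsafe(16)
        self._tickets[token] = {"order_id": order_id}
        return token

    def _recent_misses(self, client):
        # Sliding window: forget failed lookups older than `window` seconds.
        now = self._clock()
        misses = self._misses[client]
        while misses and now - misses[0] > self.window:
            misses.popleft()
        return misses

    def lookup(self, client, token):
        """Return (status, ticket); status is 'ok', 'not_found' or 'throttled'."""
        misses = self._recent_misses(client)
        if len(misses) >= self.max_misses:
            return "throttled", None       # velocity check fires before any lookup
        ticket = self._tickets.get(token)
        if ticket is None:
            misses.append(self._clock())
            return "not_found", None
        return "ok", ticket


if __name__ == "__main__":
    svc = BarcodeService(max_misses=3)
    token = svc.issue("order-1001")        # constructed sample order id
    print("barcode URL path: /barcode/" + token)
    for guess in range(1000, 1005):        # numeric ids no longer resolve
        print(guess, svc.lookup("client-a", str(guess))[0])
```

In production the miss counters would live in a shared store and the client key would be whatever the service can reliably attribute requests to; both are outside what this example shows.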
The really unfortunate thing here is that CrowdSurge are a startup trying to disrupt the industry, but surely they have to get their technology a whole lot smarter than this if they want any skin in the game.