buy one get one free of Nando's new mini snacks.
requires an email address so your 'personalised' voucher can be generated.
read terms here: http://www.littlehotties.net.au/terms-and-conditions.php
(mailinator.com is your friend)
buy one get one free of Nando's new mini snacks.
requires an email address so your 'personalised' voucher can be generated.
read terms here: http://www.littlehotties.net.au/terms-and-conditions.php
(mailinator.com is your friend)
while your point is valid, I'm sure no one would be going through all set of ids to get some personal information and given you could possibly create infinite vouchers using mailinator, would be pointless.
That said after seeing rule #34, anything is possible
It was precisely this kind of sloppy coding that leaked information about other student's grades at USyd and made it to the news.
lol I remember that, I think alot of people have grudges against the IT admin at usyd, bigtime (like when they changed the homepage to a hate message against the IT guy a while back).
LulzSec inspired.
I know Nando's is big in the UK, but the from email address looks suspect <[email protected]>
Hope I didn't sign myself and a friend for spam :O
Halpern Cowan is just a marketing company from the UK that Nando's are probably employing to run this promotion.
That said, you will almost certainly receive future emails from them…you never get anything for free without eventually paying a price
I don't mind receiving Nando's emails, but don't want to receive other spam :(
You should be fine, Nando's only do chicken, not spiced ham! ;)
WIN!
Sigh. Didn't support + in email address, when will companies learn?
Actually it does, but gmail flags the emails as spam.
Only 500 so far :>
Has anyone got one of these yet, I put in the 'friend' email and that came immediately but 2 hours later no voucher email?
LOL i can see everyones names. Surnames and all.
wow, they are still $5 for a small burger, how much is the normal sized one?
but u get 2 which is good!
no need to sign up, just go to http://www.littlehotties.net.au/image.php?id=460 and get your voucher. The number at the end is unique to the voucher, keep increasing to get newer (expiring later) vouchers.
new generic after they fixed the website:
http://www.littlehotties.net.au/image.php?id=839&email=me@ma…
Another new generic:
http://www.littlehotties.net.au/image.php?id=488&email=gener…
they seem to have patched it
I was quite excited when we finally got a Nando's in Newy…then I ate there! Every other Nando's I've eaten at is delicious, the one in Charly Sq is simply awful…how can they stuff up a chain store food? :o
Any other Novocastrians had this experience?
how can they stuff up a chain store food: franchises.
Massive security hole. Its funny actually that the programmer is pretty exposed too.
Mod: Sorry about the removal — way too much personal details here. Yes the security sucked, but there is no need to exploit it in public here.
It's not just names that are leaking. If say a Nando competitor wanted to find out how many vouchers were issued, it's a simple matter to get the number by applying for a voucher.
that number might be useful for a very narrow and specific purpose but hardly a security breach. First and last names however is a bit more serious!
Sure it's not a security breach, I was just pointing out there is more than just names leaking out, but I wouldn't call leaking customers' first and last names a massive security hole either, unless you can blackmail people for eating Nandos. :) But it's certainly a boo-boo for a "Senior Web Developer".
[Mod: Removed personal details]
I wonder if [Mod: removed name reference] was paying attention in class when the instructor talked about SQL injection. ;)
Haha
Looks like theyve fixed it now. They probably saw this thread and realised the security hole!
At least we now know who to contact directly if we have issues with Nandos ;)
Yeah has been! nice update. Our friend Dom also secured his facey page so I dare say he knows about this page. Hope you don't get into too much hot water over that mate!
I disagree that there was no need. Showing the holes got it fixed fast.
I was just denied use of the voucher at Broadway Store Queen Street.
Not the first time … learn how to do a promotion.
maybe get in touch with Boris: http://www.borisjacquin.com/contact/
give him a piece of your mind.
report to headoffice here:
http://www.nandos.com.au/feedback.php
They will appreciate your feedback.
Lol @ [Mod: removed name reference] grabbing the first 10 or so
Anyone successfully used yet?
Used generic one in Queensland today no questions asked, I was the first. to use.
Reminder that this expires today!
I haven't had the chance to try it, so I will miss out.
Gr8 deal have tested in QLD as well worked fine no Q asked either…. :-)
I don't know why I bother helping Nandos since the offer price is what it should be all the time but here's another Generic Person coupon:
http://www.littlehotties.net.au/image.php?id=2365&email=anot…
When you read the email in mailinator, it gives you a link to a page with your image. In theory you could substitute other ids in the URL and get other people's images and front up to the shop as that person. Hmm, information leak, when will these web coders learn. LOL