Right, so since you can't tie a name to that order, your evidence is where you think WFO resides? C'mon man.
"Or, you're full of shit."
I'm not the one speculating here.
MESO-Rx
Anabolic Steroids
Brewly - Worldwide Marketplace
- Thread starter Brewly
- Start date
"Or, you're full of shit."
I'm not the one speculating here.
My application for “vulnerability tester”....
When do I hear if I got the job, beautiful Brewly?
jaycutlerslefttesticle
Member
I kind of have an issue with this...so despite all the talk about how you thought the system couldn’t be hacked and offering a somewhat large bounty for someone to do it, you just assumed that someone was able to break in and chose not to try and replicate it prior to talking job offers.
With all due respect, that kind of shows that you lack confidence in the security of your system, despite the fact that you were offering a challenge for people to hack it.
If I am sure that the sky is blue and someone comes along and tells me it’s green I’m going to tilt my head and look up prior to offering them a position as my interior decorator.
I don’t know man...I’ve tried to keep an open mind here but things just aren’t adding up for me. Maybe bullet is full of shit...maybe you are full of shit...I’m not sure, but either way it definitely causes me to question you and your business sense
evoNVmem.2
New Member
If you feel like reading a little bit, I can assure you we have insulted every source. Eventually they gain respect and the insults slow. Titanium Gear (TGI) is a good example.
But yelling more insults absolutely does sink the ship faster. There’s 100s of examples of that. Venom Pharma is a funny one. There were a bunch of rebrands that came thru 2 summers ago (Olympia, Saiyan, Tiny Red (Giant).
Again, it’s how MESO does it. The good sources (and now markets) endure and eventually the product and services speak for themselves. We don’t have much info on the sources that reside in the Brewly market. That’s why we repeatedly ask questions. So far all we now is it’s an open market, that charges 5% on top of what the vendor charges. This should benefit us by convenience and competition that will drive prices down (though vendors already left so the competition is drying up). You don’t know if the product is real, made cleanly, or dosed accurately. What are you paying for? Why be polite?
MESO is free and not really moderated. We’re a bunch of meatheads abusing hormones. We’ve been compared to gorillas that forgot their ADHD medicine. [emoji2369]
Just making the terms of the position known. Frankly, it should be public somewhere on the site.
But you say this as if you know who the fabricated order is for.
"You don’t know if the product is real, made cleanly, or dosed accurately. What are you paying for?"
"open market"
Not quite. And by all means, don't order from names you don't recognize. That's your prerogative. We have a few big names DO, Pharmasource, Hilma, Colonial, etc
jaycutlerslefttesticle
Member
Once again...that’s a dodge.
So if I came to you and said I was ready to collect my bounty you would first discuss terms of a position that I expressed no interest in, prior to discussing the bounty that I’m trying to claim?
Who does that?
Well I'm sorry you see it that way. I've provided all the information I can:
- You guys can attempt to replicate his exploit. Give it a shot.
- I've shown you guys how to fake a leak by making an unpaid order and editing
- I've posted screenshots of me searching for the order number
- Not one customer has come forward to report the leak
Anyone can reach me by email and discuss the bounty or joining our team. Perhaps I was a little too friendly. He seemed well spoken and legitimate. I totally admit my mistake there.
Highly doubtful he is ordering his raws from DO.....
For anyone tuning in, it’s not a 10k bounty to be collected when you hack the site. It’s a damn job where you will make 10k over the course of it. Oh brother
Seriously though there’s no bounty as the bounty is already owed to a member but not being payed. I highly highly suggest if someone else’s cracks it don’t take it to brewly in private as that’s how the last fella got screwed.
Seriously though there’s no bounty as the bounty is already owed to a member but not being payed. I highly highly suggest if someone else’s cracks it don’t take it to brewly in private as that’s how the last fella got screwed.
combover
Well-known Member
bounty hunters are as good at collecting their bounties as they are at finding vulns
wickedbit
New Member
So he tells you what he did and what he found, your team could replicate it and they fix it all while getting a new host?
phenominal34
Member
Just a reader an observer but I’ll tell ya what’s funny is 90% of you guys when Sym did whatever he did and the LE or Post Office guy came to that members door and the member posted all about it . You guys all backed the member. All of ya said that you’d never order again if sym ever returned or even changed his security measures bla bla bla .
Guess what 90% of y’all went rite back to Sym .
Just Watch ... Brewly will prob become the biggest source or market place for sources on Meso [emoji1787][emoji1787][emoji1787]
It’s simple , order or don’t order .
And [mention]BigBaldBeardGuy [/mention] before ya rag on me , because I do respect ya for what I know if ya , I know you guys do what you do for a reason I get that but good lord either order or don’t . Ok maybe I’m up to 300 pats now , dammmit not yet lol
Whopperflopper
Well-known Member
Jesus christ! How many newbs read a few pages and get lost. This business model makes it easy to get what you want with "less" risk than the way it has been done. So what if you have to break off some to the middleman that is representing other known labs while pushing lesser known labs. As long as everyone gets what they want, I don't see a problem. I don't clip coupons yet I want what I order. This is going to work, or its not.
There was a pretty long gap (a couple months I think) between when Sym went dark for a bit and when he came back. You need to realize a lot of new members join during that time. To them, Sym seemed ok. I don’t know that 90% went right back. But you do have a point. Some guys are just desperate for a source and that desperation gets them doing bad things. As soon as floaters were found though and his thread got lit up he left. I’m sure guys STILL would have ordered. Lol, that’s crazy.
I’m not gonna beat on you. You summed it up. “Order or don’t order”. Some guys have higher standards than others, usually based on experience (getting burned in the past or seeing other guys getting burned).
I might sound like a jerk to these sources (and open marketplaces) because they are too stubborn to listen.
I guarantee if Brewly required his vendors to have batch numbers, post photos of their labs on the Brewly site, test their products each batch, and give incentive to customers to do their own testing then he wouldn’t have half the questions we are badgering him with.
The only thing he would have to prove is the security of his website - which seems to be the very biggest issue at the moment. He’s wasted an entire week and he gets agitated when we ask the same shit repeatedly. Well he’s simply NOT listening and he’s stubbornly stuck in his own vision for his site.
I always go back to TGI as an example. He didn’t have magic raws or anything secret. He LISTENED and adapted. Up until he got too popular and it went to his head. Any source (or open marketplace for sources) that listens will enjoy the same success here. But they all have their own ideas on how to do stuff as if this is really complicated. It’s simple, we want clean, accurately dosed gear at a reasonable price with good service. They want our bitcoins.
I have some questions and apologize if these have been answered somewhat but would like some clarification on a few things.
I took a quick look at your website, and I somewhat applaud you for the simplicity, and lacking open-source 3rd party plugins which all seem to be vulnerable and give a foothold into your server.
1. How is your private key stored/protected? (You don’t have to go into detail here, but I am looking for some key words).
2.) This is encryption at rest. Meaning if someone acquired physical access to your servers; popped it open and plugged the hard-drives in, all they would see are random strings. I also see the website is using SSL which protects in transit. Good. This leads me to my next question
4.) Non compliant servers are fun. Can you go into detail here? How are you going to handle the snooping ISP upstream that the (I’m assuming) data center they are colocated in?
I took a quick look at your website, and I somewhat applaud you for the simplicity, and lacking open-source 3rd party plugins which all seem to be vulnerable and give a foothold into your server.
Editing the form isn’t anything. That’s not an exploit or vulnerability. But that member does bring up an interesting point. How do you handle the session? Cookies? What are you doing to protect the customer from session hijacking?
A few questions here.
1. How is your private key stored/protected? (You don’t have to go into detail here, but I am looking for some key words).
2.) This is encryption at rest. Meaning if someone acquired physical access to your servers; popped it open and plugged the hard-drives in, all they would see are random strings. I also see the website is using SSL which protects in transit. Good. This leads me to my next question
3.) Since you’re an “international marketplace” with vendors across the globe, how are you ensuring the end user/customer is connecting to a server location in which their country has 0 relation with?
4.) Non compliant servers are fun. Can you go into detail here? How are you going to handle the snooping ISP upstream that the (I’m assuming) data center they are colocated in?
A bug/exploit bounty program? I kind of like that. In fact, many of the big tech companies out there do similar. They don’t pay upfront, however if you find something they will pay you for reporting it. I’ve done this once or twice (legally) to make a nice little bonus check. Most would rather sell it to a shadow broker..
xgunx
Well-known Member
Idk about others but when I mark someone off the list.... they are done. I also start hunting when I'm down to like a years worth left. Thats gonna change though with this apocalypse approaching. I'll be my own private source soon, for life.
