Brewly - Worldwide Marketplace

He just *might* have a vendor account AND a buyer account. *Just might.*

Or, you're full of shit.
Right, so since you can't tie a name to that order, your evidence is where you think WFO resides? C'mon man.

"Or, you're full of shit."
I'm not the one speculating here.
 
Nah, thought the guy was legitimate. Then he decided to go for the extortionist play after we couldn't replicate what he claimed to be able to do.
I kind of have an issue with this...so despite all the talk about how you thought the system couldn’t be hacked and offering a somewhat large bounty for someone to do it, you just assumed that someone was able to break in and chose not to try and replicate it prior to talking job offers.

With all due respect, that kind of shows that you lack confidence in the security of your system, despite the fact that you were offering a challenge for people to hack it.

If I am sure that the sky is blue and someone comes along and tells me it’s green I’m going to tilt my head and look up prior to offering them a position as my interior decorator.

I don’t know man...I’ve tried to keep an open mind here but things just aren’t adding up for me. Maybe bullet is full of shit...maybe you are full of shit...I’m not sure, but either way it definitely causes me to question you and your business sense
 
You and @Jacked82 are twisting and convoluting my point. My whole point was, yes, I agree the vetting is necessary, but I don't believe that, as adults, we should conduct ourselves as children. If you have a point, then make your point. If there is a crack in the hull of the ship, it will sink. Yelling insults at a sinking ship will not make it sink faster, and conversely, if there is no crack in the hull, yelling insults at the ship will not make it crack.

I guess I just expected more from this forum, because it does seem there is a large enough portion of decent, well thought out people on here, and I thought it would be different and I thought it would be some reprieve from typical social media. But all I am seeing is more of the same shitty attitudes I get to see all over traditional social media, and from ALL of our elected officials.

If you feel like reading a little bit, I can assure you we have insulted every source. Eventually they gain respect and the insults slow. Titanium Gear (TGI) is a good example.

But yelling more insults absolutely does sink the ship faster. There’s 100s of examples of that. Venom Pharma is a funny one. There were a bunch of rebrands that came thru 2 summers ago (Olympia, Saiyan, Tiny Red (Giant)).

Again, it’s how MESO does it. The good sources (and now markets) endure and eventually the product and services speak for themselves. We don’t have much info on the sources that reside in the Brewly market. That’s why we repeatedly ask questions. So far all we know is it’s an open market, that charges 5% on top of what the vendor charges. This should benefit us by convenience and competition that will drive prices down (though vendors already left so the competition is drying up). You don’t know if the product is real, made cleanly, or dosed accurately. What are you paying for? Why be polite?

MESO is free and not really moderated. We’re a bunch of meatheads abusing hormones. We’ve been compared to gorillas that forgot their ADHD medicine.
 
I kind of have an issue with this...so despite all the talk about how you thought the system couldn’t be hacked and offering a somewhat large bounty for someone to do it, you just assumed that someone was able to break in and chose not to try and replicate it prior to talking job offers.

With all due respect, that kind of shows that you lack confidence in the security of your system, despite the fact that you were offering a challenge for people to hack it.

If I am sure that the sky is blue and someone comes along and tells me it’s green I’m going to tilt my head and look up prior to offering them a position as my interior decorator.

I don’t know man...I’ve tried to keep an open mind here but things just aren’t adding up for me. Maybe bullet is full of shit...maybe you are full of shit...I’m not sure, but either way it definitely causes me to question you and your business sense
Just making the terms of the position known. Frankly, it should be public somewhere on the site.
 
If you feel like reading a little bit, I can assure you we have insulted every source. Eventually they gain respect and the insults slow. Titanium Gear (TGI) is a good example.

But yelling more insults absolutely does sink the ship faster. There’s 100s of examples of that. Venom Pharma is a funny one. There were a bunch of rebrands that came thru 2 summers ago (Olympia, Saiyan, Tiny Red (Giant)).

Again, it’s how MESO does it. The good sources (and now markets) endure and eventually the product and services speak for themselves. We don’t have much info on the sources that reside in the Brewly market. That’s why we repeatedly ask questions. So far all we know is it’s an open market, that charges 5% on top of what the vendor charges. This should benefit us by convenience and competition that will drive prices down (though vendors already left so the competition is drying up). You don’t know if the product is real, made cleanly, or dosed accurately. What are you paying for? Why be polite?

MESO is free and not really moderated. We’re a bunch of meatheads abusing hormones. We’ve been compared to gorillas that forgot their ADHD medicine.
"You don’t know if the product is real, made cleanly, or dosed accurately. What are you paying for?"

"open market"

Not quite. And by all means, don't order from names you don't recognize. That's your prerogative. We have a few big names DO, Pharmasource, Hilma, Colonial, etc

 
Just making the terms of the position known. Frankly, it should be public somewhere on the site.
Once again...that’s a dodge.

So if I came to you and said I was ready to collect my bounty you would first discuss terms of a position that I expressed no interest in, prior to discussing the bounty that I’m trying to claim?

Who does that?
 
Once again...that’s a dodge.

So if I came to you and said I was ready to collect my bounty you would first discuss terms of a position that I expressed no interest in, prior to discussing the bounty that I’m trying to claim?

Who does that?
Well I'm sorry you see it that way. I've provided all the information I can:

- You guys can attempt to replicate his exploit. Give it a shot.
- I've shown you guys how to fake a leak by making an unpaid order and editing
- I've posted screenshots of me searching for the order number
- Not one customer has come forward to report the leak

Anyone can reach me by email and discuss the bounty or joining our team. Perhaps I was a little too friendly. He seemed well spoken and legitimate. I totally admit my mistake there.
 
For anyone tuning in, it’s not a 10k bounty to be collected when you hack the site. It’s a damn job where you will make 10k over the course of it. Oh brother

Seriously though there’s no bounty as the bounty is already owed to a member but not being paid. I highly highly suggest if someone else cracks it don’t take it to Brewly in private as that’s how the last fella got screwed.
 
I for one do not believe vendors are leaving Brewly because of Meso. It's obvious what the reason is. One thing and one thing only-safety. Maybe they told you that to save face, however we can all see the writing on the wall and have since day one.

Just a reader an observer but I’ll tell ya what’s funny is 90% of you guys when Sym did whatever he did and the LE or Post Office guy came to that members door and the member posted all about it . You guys all backed the member. All of ya said that you’d never order again if sym ever returned or even changed his security measures bla bla bla .

Guess what 90% of y’all went rite back to Sym .

Just Watch ... Brewly will prob become the biggest source or market place for sources on Meso

It’s simple , order or don’t order .

And @BigBaldBeardGuy before ya rag on me, because I do respect ya for what I know of ya, I know you guys do what you do for a reason I get that but good lord either order or don’t. Ok maybe I’m up to 300 pats now, dammmit not yet lol
 
Jesus christ! How many newbs read a few pages and get lost. This business model makes it easy to get what you want with "less" risk than the way it has been done. So what if you have to break off some to the middleman that is representing other known labs while pushing lesser known labs. As long as everyone gets what they want, I don't see a problem. I don't clip coupons yet I want what I order. This is going to work, or it's not.
 
Guess what 90% of y’all went rite back to Sym .

Just Watch ... Brewly will prob become the biggest source or market place for sources on Meso

There was a pretty long gap (a couple months I think) between when Sym went dark for a bit and when he came back. You need to realize a lot of new members join during that time. To them, Sym seemed ok. I don’t know that 90% went right back. But you do have a point. Some guys are just desperate for a source and that desperation gets them doing bad things. As soon as floaters were found though and his thread got lit up he left. I’m sure guys STILL would have ordered. Lol, that’s crazy.

And @BigBaldBeardGuy before ya rag on me, because I do respect ya for what I know of ya, I know you guys do what you do for a reason I get that but good lord either order or don’t. Ok maybe I’m up to 300 pats now, dammmit not yet lol

I’m not gonna beat on you. You summed it up. “Order or don’t order”. Some guys have higher standards than others, usually based on experience (getting burned in the past or seeing other guys getting burned).

I might sound like a jerk to these sources (and open marketplaces) because they are too stubborn to listen.

I guarantee if Brewly required his vendors to have batch numbers, post photos of their labs on the Brewly site, test their products each batch, and give incentive to customers to do their own testing then he wouldn’t have half the questions we are badgering him with.

The only thing he would have to prove is the security of his website - which seems to be the very biggest issue at the moment. He’s wasted an entire week and he gets agitated when we ask the same shit repeatedly. Well he’s simply NOT listening and he’s stubbornly stuck in his own vision for his site.

I always go back to TGI as an example. He didn’t have magic raws or anything secret. He LISTENED and adapted. Up until he got too popular and it went to his head. Any source (or open marketplace for sources) that listens will enjoy the same success here. But they all have their own ideas on how to do stuff as if this is really complicated. It’s simple, we want clean, accurately dosed gear at a reasonable price with good service. They want our bitcoins.
 
I have some questions and apologize if these have been answered somewhat but would like some clarification on a few things.

I took a quick look at your website, and I somewhat applaud you for the simplicity, and lacking open-source 3rd party plugins which all seem to be vulnerable and give a foothold into your server.

Anyway, it's a fabricated order. Anyone can do this. I implore you to try it. It's a lot easier than you think (google "inspect element"):
Editing the form isn’t anything. That’s not an exploit or vulnerability. But that member does bring up an interesting point. How do you handle the session? Cookies? What are you doing to protect the customer from session hijacking?

Your shipping information and messages are encrypted with AES-256. In the event of a hypothetical leak/hack, a perpetrator would only see random strings of characters.
A few questions here.
1. How is your private key stored/protected? (You don’t have to go into detail here, but I am looking for some key words).

2.) This is encryption at rest. Meaning if someone acquired physical access to your servers; popped it open and plugged the hard-drives in, all they would see are random strings. I also see the website is using SSL which protects in transit. Good. This leads me to my next question

Furthermore, our site is hosted on offshore, non-compliant servers.
3.) Since you’re an “international marketplace” with vendors across the globe, how are you ensuring the end user/customer is connecting to a server location in which their country has 0 relation with?

4.) Non compliant servers are fun. Can you go into detail here? How are you going to handle the snooping ISP upstream that the (I’m assuming) data center they are colocated in?


Anyone can reach me by email and discuss the bounty or joining our team. Perhaps I was a little too friendly. He seemed well spoken and legitimate. I totally admit my mistake there.
A bug/exploit bounty program? I kind of like that. In fact, many of the big tech companies out there do similar. They don’t pay upfront, however if you find something they will pay you for reporting it. I’ve done this once or twice (legally) to make a nice little bonus check. Most would rather sell it to a shadow broker..
 
Just a reader an observer but I’ll tell ya what’s funny is 90% of you guys when Sym did whatever he did and the LE or Post Office guy came to that members door and the member posted all about it . You guys all backed the member. All of ya said that you’d never order again if sym ever returned or even changed his security measures bla bla bla .

Guess what 90% of y’all went rite back to Sym .

Just Watch ... Brewly will prob become the biggest source or market place for sources on Meso

It’s simple , order or don’t order .

And @BigBaldBeardGuy before ya rag on me, because I do respect ya for what I know of ya, I know you guys do what you do for a reason I get that but good lord either order or don’t. Ok maybe I’m up to 300 pats now, dammmit not yet lol
Idk about others but when I mark someone off the list.... they are done. I also start hunting when I'm down to like a years worth left. That's gonna change though with this apocalypse approaching. I'll be my own private source soon, for life.
 