Brickset ForumHome›
Shopping at LEGO or Amazon?
Please use our links: LEGO.com • Amazon
As an Amazon Associate we earn from qualifying purchases.
Please use our links: LEGO.com • Amazon
As an Amazon Associate we earn from qualifying purchases.
BrickLink Hacked!
DadsAFOL
Member Posts: 617
Shopping at LEGO.com or Amazon?
Please use our links: LEGO.com • Amazon
Recent discussions • Categories • Privacy Policy • Brickset.com
Howdy, Stranger!
Categories
- All Categories
- 16.2K General
- 3 Announcements
- 3.1K Collecting
- 3.7K Everything else LEGO
- 1.7K Building and Techniques
- 2.3K Brickset
- 14 Ambassador
- 1K Introduce yourself
- 385 The Database
- 438 Brickset.com
- 316 Forum Operation
- 15 FAQs
- 13.9K Shopping
- 1.7K Shopping USA/Canada
- 337 Shopping Elsewhere
- 11K Marketplace
- 1.2K Other
- 571 Community and Events
- 262 Photography/Video
Brickset.com is a participant in the Amazon Services LLC Associates Program, the Amazon.com.ca, Inc. Associates Program and the Amazon EU Associates Programme, which are affiliate advertising programs designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.
As an Amazon Associate we earn from qualifying purchases.
Comments
such a bunch of a## holes those hackers...
What a nightmare for Eric.
I've just contacted my current deals on Bricklink and said, "why don't we just give them a few days to sort it out.". It isn't a big operation, they may need time to just get it sorted...
It is Lego, we can all wait a few days. ;)
http://www.bricklink.com/message.asp?ID=641027
Its the 'inventory_verify.asp 1102' error.
Shame, as I can't really wait a few days - I'd put today aside to list a large amount of inventory on Bricklink, so I'm stuck with putting it onto fleabay and scamazon instead.
He's been updating on his progress on the new Twitter account if you want to see how it's progressing.
They have run unsecured for a very long time and have gotten away with it. I completely get the issues involved, they are a small family business that doesn't have the resources or budget to pay for real site development.
Sad to say, but a lot could be accomplished by raising the commission to 5% and paying for real site development. No one wants to hear that of course, but it would solve the problem at hand.
Just my opinion...
A simple example is the auto industry, the cost to redesign a car and retool a factory is very expensive, hundred of millions of dollars, sometimes billions of dollars.
So trying to keep an existing model on the road makes a lot of sense, they can profit off a car design for longer, making money without spending money, but sooner or later that backfires as the car is out of date and sales slow down and require ever larger price discounts to move vehicles.
At some point, you aren't making money on your existing cars because of the discount, and without those profits you don't have the money to redesign.
Note that it seems that the Bricklink people were/are planning on a relaunch of their site with current web technology. This was posted by Eric Smith after the hacking event:
"We are working with a third-party security firm to help identify as many security holes as possible, covering SQL injection, cross-site scripting, etc. These patches are being done regardless of the fact that we are already making plans for a new ASP.NET based site with security baked in from the beginning. We simply can’t wait."
It does need to be updated, and you're right, it sounds like that has been a work in progress...
It always seems so easy to do it, but having run more than one business myself, it is always harder in the trenches than it is on the 50 yard line yelling at the coach on what to do. :)
But i don't know. It's not my field. Plus i suppose if someone is determined enough, they'll break anything eventually... though it'll smell a bit fishy if a competing legosite springs up in the next week or two! I certainly wouldn't trust it.... :os
I think it's a pretty fair amount for both sellers/site owners/admins!
Like @legomatt stated above,this percentage that's already given shall be enough to keep the site secured!
If the sellers-fee will be raised i'm pretty sure a lot of sellers would jump off the BL-train (so would i do!)! I know ebay fees are higher but ebay is way way much better known than BL,so usually you'll fetch higher prices when selling stuff on ebay!
We don't know what BrickLink's finances look like, but I'm sure if they were strapped for cash increasing the fee from 3% to 5% or even more would alienate only a very small portion of sellers.
If Bricklink fees went up 2%, the prices would follow... but if it meant a better designed web site that was secure and easier to use, that would more than make up for it.
If someone opened a competitor site that had that functionality baked in, I think BL would have quite a challenge on their hands... so long as sellers also see benefits in joining.
When i sell a figure on ebay i usually fetch a higher price than the one i would get at BL! Of course buying and selling single parts on ebay doesn't really make sense these days but especially sets&figures go very well on ebay!
I have a pretty small BL-shop and it's really a hassle to compete with bigger stores especially internationally(i'm from germany)so if the fees would go up to 5%or even 9%(like ebay) i guess i would close my store. As soon as i add the higher fees to the price of my inventory i guess i wouldn't sell anything no more because i couldn't compete with bigger stores!
But, for the majority of established sellers, particularly those with a large inventory of parts, Bricklink (right now) is the only option. Right now it would take a very large project to rival BrickLink, and I just don't think anyone wants to take that on at the moment.
For simple things like MISB retail sets, eBay is fine. But for used sets, individual parts, and other oddities, eBay just won't cut it. There aren't enough buyers looking for "1x4 lattice fences" or "used-but-complete Walking Astro Grapplers" on eBay. God forbid there were, because it'd be impossible to find what you were looking for.
Also, the pace of eBay is faster than BrickLink. If you put something up on eBay, it's only there for a limited time, and the seller is paying money to get it listed. It's not laid back like the BrickLink model, where you can list whatever you want for free, for as long as you want, and let your inventory sit there until a buyer comes along. Very beneficial when pairing up a buyer and seller can take a long time!
As for being a small family-owned business that can't afford professional development-- that's probably not *quite* true. They probably have enough to *have* professional developers come in and re-write the site (that's how Eric's doing that, it seems), but I wouldn't expect they have enough to maintain more than a handful of full-time staff. IE, if they have enough to pay (say) 3-10 people, they'd have to make sure that one of them was a full-time developer. Not impossible to do by any means-- but tricky to find a person that's a good fit.
DaveE
That is the free market at work. :)
If the fees go from 3% to 5% on Bricklink, all sellers would have to raise their prices. Also, it is worth considering that if you can't make money at 5% fees, you aren't making money at 3% either.
2% is a gross margin that only companies like Walmart can deal with.
http://www.bricklink.com/message.asp?ID=642624
The only download I know of is this one, but doesnt seem to be any use
http://www.bricklink.com/catalogDownload.asp
http://www.bricklink.com//invExcel.asp
(You can then import into Brickstore if desired for offline management)
If a competitor had something ready to launch, the time would be now. HUGE opportunity to create that critical mass from day 1 - assuming you were ready for it of course.
It might be slow-going at first, but if you have a better product, people would undoubtedly migrate. An obvious caveat is BL could improve it's interface before enough people migrated...
Speaking of critical mass, I can imagine one scenario in which it would be easy to get critical mass for a competing site: if Brickset launched it's own version of a LEGO product marketplace.
As someone stated before, eBay and other sites do not work well for parts the way BrickLink does.
possibly some of which that lead to the security breach.
we really don't know the extent of the security that WAS in place either.
It might be possible for a competitor to get a good start on recreating their own version by reverse engineering the one on Bricklink. You wouldn't get pictures and you might have to renumber all the parts, but you could get all the relationships of parts to sets. You might be able to use the names too.
However, it would be much better for everyone involved if Bricklink just got its act together and modernized their site.
^Lots of functionality is only great when it makes what you want to do easier. Without a good interface, a lot of it goes to waste. Command line interfaces have a lot of functionality (and can be very useful tools) but most people still use graphical interfaces on a day to day basis because of the ease of use.
sure... it looks old.
and there are improvements to be made, but it does work with relative little work.
i'm not a seller, so i can't comment on that side, but as a frequent buyer, i don't have many complaints.
making it *look* newer would probably solve most peoples qualms with it.
I would love a search by ... contains a generic piece (use asterisk in the description) in certain colour. I know that is unlikely.
What it could really do with is the cheapest for multiple parts search that is on here.
As for why it has been hacked - the competitor idea is probably a bit far fetched. I reckon it was hacked because it could be hacked. I'm fairly disappointed that the site has managed to get so big and generate fairly serious revenue without them considering, well maybe they have considered it, but implementing proper security.
It's focusing on that kind of thing, rather than getting the basics really sorted, that's got them to where they are today.
Eg. If I want the cheapest torso I can search for 973*. The title will have things like "Black Torso Police Leather Jacket" but if I search for 973* and a colour name, it fails. Why can you not search for item number and part of the title at the same time (or indeed any attribute associated with the item)? It seems stupid you can do one but not multiple. Most decent databases allow you to search over the entire record, rather than just one field. There are ways around it. In this case "torso hand* black" will help strip out the bionicle torsos and other junk since they do not have hands and give me most of the correct colour although will pick up ones with black details, black arms, etc, but this will give me torso assemblies only, and not torsos.