Filter
Exclude
Time range
-
Near
Tipping Point@Tipping_PT
24 Mar 2018
See how #Entrepreneurs are benefited by advice from Tipping Point. bit.ly/AadhaarAPI_Hindustant… #HTPune @cioangelnetwork @aadhaarapi @mehtasanjay @maheshwaribind1
6
13
Baptiste Robert
@fs0c131y
15 Feb 2018
Me, thinking about my CV. I will add: - @UIDAI best friend - @aadhaarapi buddy - A reccuring nightmare for @getpeid - @WikoMobile lover - Twitter porn bot hunter
3
7
68
Ravi A@ravinininin
19 Jan 2018
Replying to @fs0c131y
These same jokers (Quagga Tech) were responsible for API key leak that resulted in fakes getting into the system. medium.com/karana/insecure-a…
2
Vidyut
@Vidyut
19 Jan 2018
Replying to @aadipa @nixxin @fs0c131y @UIDAI
If their front facing sites are this carelessly coded, is it even safe to integrate the api with production sites?
1
1
5
aadipa@aadipa
19 Jan 2018
Replying to @iamabofh @gabbi612 @supersaiyan_9 @fs0c131y
Already agreed on this. In current structure, Khosla Labs are UIDAI endpoint, AadharAPI is not. They need to extend the net. Sub AUA gets data from AUA who gets it from ASA who have access to Aadhaar data via UIDAI. AUA and ASA are under formal agreement with UIDAI.
1
2
ColaBlizzard 🇮🇳@colablizzard
19 Jan 2018
Replying to @fs0c131y
@gautambhatia88 Could someone bring this thread to the notice of Mr. Divan?
1
2
Srivatsan@supersaiyan_9
19 Jan 2018
Replying to @gsurya @iamabofh @fs0c131y
Ohh, no! IQ doesn't matter here! It seems they missed out on seeking the blessings of goumata or sprinkling her holy waste over the keyboard.
1
10
Srivatsan@supersaiyan_9
19 Jan 2018
Replying to @gabbi612 @iamabofh @fs0c131y
Private or not doesn't matter. Whoever has been implementing #Aadhar infrastructure and its dependent services are hilariously and shamefully incompetent. It's scarier because it's not like a app that you can choose not to use. You're already using it, indirectly.
1
2
aadipa@aadipa
19 Jan 2018
Replying to @iamabofh @gabbi612 @supersaiyan_9 @fs0c131y
Had implemented PCI DSS where I work, know the stuff. UIDAI have already documented everything. But you will always find some developer who is not reading everything in docs and relying on forum like groups.google.com/forum/m/#!…

2
2
Suryanarayan Ganesh@gsurya
19 Jan 2018
Replying to @iamabofh @supersaiyan_9 @fs0c131y
We can call them #LowIQSanghis except these are educated type
3
5
aadipa@aadipa
19 Jan 2018
Replying to @iamabofh @gabbi612 @supersaiyan_9 @fs0c131y
I did a little Google and found that AadharAPI are just Sub-AUA most probably getting their data from @KhoslaLabs which is primary AUA and responsible for security of data. Here is total list of AUA maintained by UIDAI. uidai.gov.in/images/list_of_…

1
1
4
Suresh R@iamabofh
19 Jan 2018
Replying to @aadipa @gabbi612 @supersaiyan_9 @fs0c131y
A special sort of private company given the amount of access they have. A security auditor would have nightmares with this entire mess.
1
1
3
Dinesh Shetty
@Din3zh
19 Jan 2018
Replying to @fs0c131y
@rssharma3 @UIDAI - Am assuming you still want to stick to your age old dialogue of 'There has never been an Aadhar breach , and anyone saying otherwise is a lier'?
2
6
aadipa@aadipa
19 Jan 2018
Replying to @fs0c131y
@UIDAI can you look into this? You need to extend your security checks to all 3rd party like these and avoid such potential vulnerabilities.
2
3
8
aadipa@aadipa
19 Jan 2018
Replying to @gabbi612 @iamabofh @supersaiyan_9 @fs0c131y
It is a private company, providing paid services on top of data they purchase from UIDAI. It's not Aadhaar itself.
1
2
Rahul@DamnSerious789
19 Jan 2018
Replying to @fs0c131y
Thank you for ur excellent work.
3
Suresh R@iamabofh
19 Jan 2018
Replying to @supersaiyan_9 @fs0c131y
Guys at least learn to use puppet if you want to make us poor Indians into puppets at the end of the aadhaar chain. You're doing stupid things I've seen developers fired for, one after the other.
2
8
13
Honkey Dankey@honkey_dankey
19 Jan 2018
Replying to @fs0c131y
ANDDDD... ..JUST LIKE THAT they have the "worlds most largest private database?" FFS
2
13
Srivatsan@supersaiyan_9
19 Jan 2018
Replying to @fs0c131y
Hey @aadharapi, Can you please tell us how the swap file got there? Do you not have a proper deployment process? Or is there no review of what gets committed and pushed? Or do your devs write code on the production machine (scary!)?
1
7
17
Vidyut
@Vidyut
19 Jan 2018
This. For example. You're offering a secure AadhaarAPI for others to use "securely" and are running a wordpress without basic scans, obviously. Who is responsible if your shoddy coding habits compromise client sites?

Baptiste Robert
@fs0c131y
19 Jan 2018
As the issue is now fixed, let disclose the details of the @aadhaarapi vulnerability I found 3 days ago. #wordpressForDummies #Aadhaar #AadhaarFail
1
2
Load more