Elliot Alderson

@fs0c131y

French security researcher. Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho and others. Not completely schizophrenic. Not related to USANetwork. DMs open.

Joined June 2015

    Elliot Alderson‏ @fs0c131y Jun 5

    How to not implement OTP authentication by @UIDAI. For OTP authentication, the official #Aadhaar #android app:
    1) Wait for a new SMS
    2) Check if the sender name is XXXXX-ADHAAR
    3) After that they are taking the 6th word in the SMS
    Can you see the problem @UIDAI? pic.twitter.com/E65E0Zsf4l

    8:27 AM - 5 Jun 2018
    49 replies 183 retweets 362 likes
      1. New conversation
      2. Vishal jotshi‏ @vishaljotshi Jun 5
        Replying to @fs0c131y @UIDAI

        What's the problem in this? This is just an enhancement, can you elaborate how this can cause a security problem?

        2 replies 1 retweet 5 likes
      3. ShashankSwamy‏ @shashankswamy Jun 5
        Replying to @vishaljotshi @fs0c131y @UIDAI

        Really?

        1 reply 0 retweets 3 likes
      4. Vishal jotshi‏ @vishaljotshi Jun 5
        Replying to @shashankswamy @fs0c131y @UIDAI

        Yes really, can you explain pls? How does the OTP reading method of the Aadhaar app affect its security? It's their own app, they can choose whatever way they want, how would it affect the security?

        1 reply 0 retweets 4 likes
      5. Abhishek Kumar‏ @geekinkuwait Jun 5
        Replying to @vishaljotshi @shashankswamy and

        You cannot do stuff the way you want because it's your app. UIDAI is handling sensitive data of millions of Indians. Certain security standards must be followed. This code can be written by a 2nd year CS student.

        1 reply 0 retweets 7 likes
      6. Vishal jotshi‏ @vishaljotshi Jun 5
        Replying to @geekinkuwait @shashankswamy and

        Can you cut the crap and move to the security part? I am still waiting

        3 replies 0 retweets 12 likes
      7. kuldeep dwivedi #HDL‏ @kuldeep10m Jun 5
        Replying to @vishaljotshi @geekinkuwait and

        Agreed. There is no security related issue while receiving OTP in Aadhaar app. Every standard app does the same. This guy @fs0c131y is just getting attention by making fools of some non-technical guys

        0 replies 0 retweets 6 likes
      8. End of conversation
      1. New conversation
      2. FyR0z‏ @FyR0z_ Jun 5
        Replying to @fs0c131y @UIDAI

        What is this IDE? I like the color 🤔

        4 replies 0 retweets 1 like
      3. Saurabh Mathur‏ @saurabhmathur94 Jun 5
        Replying to @FyR0z_ @fs0c131y @UIDAI

        It's Android Studio. Darcula theme

        1 reply 1 retweet 8 likes
      4. 1 more reply
      1. Satya Puniani‏ @punnitalks Jun 5
        Replying to @fs0c131y @UIDAI

        but but but... we have 13 foot high walls! no one can get into the CIDR! 🤦‍♂️

        0 replies 0 retweets 8 likes
      1. New conversation
      2. Ganesh Kumar‏ @eamganesh Jun 5
        Replying to @fs0c131y @UIDAI

        For the last several years, I have stopped spending on antivirus software because I became a little bit careful with my PC usage. Let's make the user aware that that is all it takes. I rest my case now.

        1 reply 0 retweets 1 like
      3. Bokbok‏ @bokbokwhoosh Jun 6
        Replying to @eamganesh @fs0c131y @UIDAI

        Are you on Windows? Because if so, your case might um be rather well rested indeed..

        1 reply 0 retweets 1 like
      4. Ganesh Kumar‏ @eamganesh Jun 6
        Replying to @bokbokwhoosh @fs0c131y @UIDAI

        Yes, I'm on Windows, I use Insider builds, I can say I never re-installed Windows in the last several due to any sort of infection, I do often reinstall coz of bugs

        1 reply 0 retweets 1 like
      5. Bokbok‏ @bokbokwhoosh Jun 6
        Replying to @eamganesh @fs0c131y @UIDAI

        You do realise that the sign of a good virus is that there is no sign of it? I'd use at least a firewall.

        0 replies 0 retweets 2 likes
      6. End of conversation
      1. #DestroyTheAadhaar #BanDigitalElections #DefeatCIA‏ @Stupidosaur Jun 6
        Replying to @fs0c131y @UIDAI

        There is no right way to do SMS OTP. SMS OTP is getting phased out & new systems just starting out shouldn't use it at all. How come a security expert like u never talk about that? Aadhaar is intentional bomb India is made to sit on by (((Western Thugs))) https://twitter.com/Stupidosaur/status/961140724661149696 …

        #DestroyTheAadhaar #BanDigitalElections #DefeatCIA @Stupidosaur
        One important thing about Aadhaar or any centralized system, particularly connected to money, which I have not said so far, is how it completely destroys any security by obscurity which we have enjoyed so far. Take the example of mobile OTP.
        0 replies 1 retweet 2 likes
      1. New conversation
      2. Ganesh Kumar‏ @eamganesh Jun 5
        Replying to @fs0c131y @UIDAI

        3. Let's assume an app is waiting and listening to your SMS with header containing the word adhaar, and detects your OTP and sends it to the hacker's server, that's not UIDAI's security failure but the user's carelessness in allowing unknown app to read your messages. /n

        1 reply 0 retweets 2 likes
      3. Jeevan M R‏ @jee1mr Jun 5
        Replying to @eamganesh @fs0c131y @UIDAI

        Yeah. But to do that, you don't need to reverse engineer and see the source code. You can do this for any app sending OTP.

        0 replies 0 retweets 2 likes
      4. End of conversation
      1. New conversation
      2. Mayank raj‏ @imRajMayank Jun 5
        Replying to @fs0c131y @UIDAI

        Still confused regarding the inner for loop 🤔. Why is it used? 🤔

        1 reply 0 retweets 7 likes
      3. 1 more reply
      1. New conversation
      2. Jeevan M R‏ @jee1mr Jun 5
        Replying to @pkphilips @fs0c131y @UIDAI

        Nah. It's definitely being checked. Instead of you filling it on the app, it fills it for you by reading your SMS. And obviously compared against the server side value.

        2 replies 0 retweets 0 likes
      3. Prem Philip‏ @pkphilips Jun 5
        Replying to @jee1mr @fs0c131y @UIDAI

        The code is bizarre. Look at that last loop. The for loop iterates as many times as there are words in the split but the only item being used is the item at the 6th position (split[5]).

        1 reply 0 retweets 0 likes
      4. 1 more reply
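
The three steps listed in the original tweet and the `split[5]` access Prem Philip points out, written out as an added Java example (not the Aadhaar app's code and not posted by anyone in this thread). The `-ADHAAR` suffix match, the 6-digit code format, the sender name and all SMS bodies are constructed assumptions; `singleSixDigitCode` is a hypothetical stricter check shown for contrast.

```java
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class OtpSmsParsing {
    // Assumption: "XXXXX-ADHAAR" in the tweet means a suffix match on the sender name.
    static boolean senderLooksRight(String sender) {
        return sender != null && sender.endsWith("-ADHAAR");
    }

    // Position-based extraction as the tweet describes it: the 6th word, unchecked.
    static Optional<String> sixthWord(String sender, String body) {
        if (!senderLooksRight(sender)) return Optional.empty();
        String[] split = body.split(" ");
        return split.length > 5 ? Optional.of(split[5]) : Optional.empty();
    }

    // Hypothetical stricter variant: accept only a body that contains exactly
    // one standalone 6-digit token, wherever it sits in the text.
    private static final Pattern SIX_DIGITS = Pattern.compile("(?<!\\d)\\d{6}(?!\\d)");

    static Optional<String> singleSixDigitCode(String sender, String body) {
        if (!senderLooksRight(sender)) return Optional.empty();
        Matcher m = SIX_DIGITS.matcher(body);
        if (!m.find()) return Optional.empty();
        String code = m.group();
        // A second match makes the message ambiguous, so reject it.
        return m.find() ? Optional.empty() : Optional.of(code);
    }

    public static void main(String[] args) {
        String sender = "AD-ADHAAR"; // constructed sender name
        String[] bodies = {          // constructed SMS bodies, not real UIDAI text
            "OTP for Aadhaar (XX1234) is 482913 valid for 30 min",      // code is word 6
            "Your OTP for Aadhaar (XX1234) is 482913 valid for 30 min", // one word added
            "OTP for Aadhaar (XX1234) is 482913. Do not share it",      // trailing period
            "OTP for  Aadhaar (XX1234) is 482913 valid for 30 min",     // double space
        };
        for (String body : bodies) {
            System.out.printf("%-20s %-20s %s%n",
                sixthWord(sender, body), singleSixDigitCode(sender, body), body);
        }
    }
}
```

Only the first body yields the code by position; the other three return `is` or `482913.`, while the pattern-based check returns `482913` for all four.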
