dumbomason

590 posts

dumbomason

@dumbomason

Katılım Mart 2018

239 Takip Edilen189 Takipçiler

Sabitlenmiş Tweet

dumbomason@dumbomason·3 Kas

A bug that took 2 years in finding. Not because it was hard but because of pandemic. I really hope that DMRC is going to take some action. #Delhi #Metro #security #DigitalIndia

TechCrunch@TechCrunch

A bug in Delhi Metro's commuter smart card lets anyone ride the metro for free, a security researcher has found. tcrn.ch/3DXQW9h

English

dumbomason@dumbomason·4 Kas

It's been a month since I pointed this out. Like any other average Indian company, they didn't reply. Welp.

dumbomason@dumbomason

.@thirdwaveindia where do I report a security vuln? I shouldn't be able to view all the users, let alone admin users. Also, accidentally made myself an admin. Remove that asw. Thanks!

English

dumbomason@dumbomason·2 Eki

.@thirdwaveindia where do I report a security vuln? I shouldn't be able to view all the users, let alone admin users. Also, accidentally made myself an admin. Remove that asw. Thanks!

English

dumbomason retweetledi

lcamtuf@lcamtuf·8 Oca

My new C programming book is slowly taking shape. If you want to learn along, let's start with the basics of control flow: godbolt.org/z/3GerY3zEc 1/5

English

966

87.4K

dumbomason@dumbomason·5 Kas

@pjparties Late reply: I never thought people would gatekeep my findings haha. The document was written in public domain to educate others. Gatekeeping goes against it. :P @nkmason/p-151144499" target="_blank" rel="nofollow noopener">substack.com/@nkmason/p-151… This is the updated blog.

English

Parthenon🏛️@pjparties·14 Eki

so apparently there’s a vulnerability in delhi and blr metro that you can exploit for infinite recharge😗

English

5.2K

dumbomason@dumbomason·18 Haz

.@Swiggy 13.77 centuries for some chicken? 😅

English

168

dumbomason@dumbomason·6 Ara

.@amitgupta007 you might be interested in some of the findings :) I must say, the obfuscation that I've seen in #Yulu's android app is top notch. Tho, obscurity is not #security :) Mandatory tag, tho I know I'll be ghosted, @YuluBike

dumbomason@dumbomason

.@YuluBike stop ghosting. Either say that your systems are secure and I'm lying or acknowledge my findings. Ghosting is not gonna do anything.

English

788

dumbomason@dumbomason·28 Kas

.@YuluBike stop ghosting. Either say that your systems are secure and I'm lying or acknowledge my findings. Ghosting is not gonna do anything.

Yulu@YuluBike

@dumbomason Hey, please share your contact details via DM, and our team will get in touch with you to discuss the same.

English

1.1K

dumbomason@dumbomason·27 Kas

@YuluBike Been 3 working days. Guess you need more time to drop a "Hi" in my email inbox?

English

Yulu@YuluBike·22 Kas

@dumbomason Hey, please share your contact details via DM, and our team will get in touch with you to discuss the same.

English

386

dumbomason@dumbomason·22 Kas

hey @YuluBike, how do one file a bug report for one of your services?

English

344

dumbomason@dumbomason·22 Kas

@YuluBike You wanna take this to DMs? I found a way to start Miracle bikes without opening the Yulu app. I can elaborate more here or DMs, you decide :).

English

350

Yulu@YuluBike·22 Kas

@dumbomason Hey, Could you please elaborate on your concern? So that our team will be able to assist you better.

English

105

dumbomason retweetledi

cvam@cvam0000·16 Mar

Dear @HSBC how can you close an account without any notification. And now your officials are saying ‘you will get a demand draft worth of balance in the account’ .Is your mailing system is not working or you became so lazy to notify your customers. #fraud

Bengaluru, India 🇮🇳 English

3.8K

dumbomason retweetledi

hack4play@hack4play·19 Oca

Invitation & Call for Participation! md.ha.si/hack4play:CFP ░░ ░░█░█▀▀█░█░█▄▄░█ ▄▄█░█▄▄█░█░█░█░▄ ░░ hack4play in Fort Kochi, Kerala, Feb 1st-6th #hackbeach #hillhacks #ccc #hack4play #kochi #biennale #kochimuzirisbiennale SPREAD & RT, tnx <3

English

2.1K

dumbomason@dumbomason·3 Kas

@Root3d

GIF

QME

Gaurav Sehrawat@Root3d·3 Kas

yeah boii @dumbomason

Anuvrat Parashar@bhanuvrat

And @ilugdelhi fellow features in a Tech Crunch article!

English

dumbomason retweetledi

Anuvrat Parashar@bhanuvrat·3 Kas

And @ilugdelhi fellow features in a Tech Crunch article!

TechCrunch@TechCrunch

A bug in Delhi Metro's commuter smart card lets anyone ride the metro for free, a security researcher has found. tcrn.ch/3DXQW9h

English

dumbomason retweetledi

Animesh Ghosh@theOnlyMaDDogx·3 Kas

Shame DMRC doesn't take security seriously

TechCrunch@TechCrunch

A bug in Delhi Metro's commuter smart card lets anyone ride the metro for free, a security researcher has found. tcrn.ch/3DXQW9h

English

dumbomason retweetledi

Rushabh Mehta@rushabh_mehta·3 Kas

Delhi Metro is yet to fix the bug reported by Nikhil (@dumbomason) that allows free top ups. Just shows the state of security awareness in India’s best run public utility. Shudder to think about the rest. techcrunch.com/2022/11/02/ind…

English

dumbomason retweetledi

RISC-V Instructions@ItsABitRISCV·28 Eyl

.@intel CEO @PGelsinger examines the Horse Creek @risc_v development platform at #IntelON Features four @SiFive P550 cores at 2.2GHz with PCIe G5 & DDR5 in a 4mm x 4mm die using Intel 4 process. Coming soon(tm) to a next generation HiFive dev board

English

167

dumbomason@dumbomason·17 Ağu

This is how @videolan is being blocked on @ACTFibernet. @SFLCin

English

dumbomason@dumbomason·17 Ağu

You can change the dpid param in the URL to get other block texts.

English

dumbomason@dumbomason·17 Ağu

#vlc #websiteban Strange how @ACTFibernet's website ban technique changed from DNS tampering to just replying as the banned website. How ACT bans @videolan... A small 🧵...

English

Keşfet

@thirdwaveindia @pjparties @Swiggy @amitgupta007 @YuluBike @HSBC @Root3d @ilugdelhi