Has someone looked at the current ministers in the cabinet and done a deep dive of where their children got educated before they come spewing their gyaan to the youth of the country who are fighting for decent & transparent education practices?
I’m convinced that no matter how you choose to live, people will tell you that you’re doing it wrong. Wrong priorities. Wrong work. Wrong relationships. Wrong whatever. Your entire life will change the moment you learn to smile, nod, and ignore every single one of them.
be @ni5arga
→ 19 years old, from West Bengal, studied in Delhi for a few years
→ just finished his own Class 12 exams in 2026
→ calls himself a hobbyist cybersecurity researcher
→ says he is an engineer, not a hacker
→ built an OSINT engine, a stock-tracking TUI, a pastebin in Rust
→ once found bugs in FOSS United and disclosed them quietly
→ just another CBSE student watching his own board roll out a new digital marking system
then he opened the portal
→ CBSE moves Class 12 evaluation to On-Screen Marking, 1.8 million students affected
→ Nisarga sees the portal link is fully public, gets curious
→ opens DevTools, downloads the Angular JavaScript bundle
→ first vulnerability found in 30 minutes
→ a literal master password sitting in plain text inside the frontend code
→ enter it, the OTP field auto-fills, the entire login flow gets bypassed
→ OTP validation happens in the user's browser, not on the server
→ no route guards, every internal page reachable by editing browser storage
→ password reset API never checks the old password
→ systemic IDOR across the entire API, change one value in sessionStorage, become any examiner
→ outcome: take over any teacher account, view answer sheets, edit marks
25 February 2026. He reports everything to CERT-In the same day.
→ CERT-In asks for a screen recording, he sends a full walkthrough
→ acknowledgement comes back as a boilerplate reply
→ reference number assigned: CERTIn-16590126
→ he follows up multiple times. no response.
→ three months pass. portal still live. Class 12 results released. vulnerabilities still there.
→ 22 May: publishes the blog post and a thread on X
→ Deedy Das, Satish Acharya, Internet Freedom Foundation amplify it
→ the post goes viral
→ CBSE issues a clarification: that was just a test portal, no breach
→ the URL CBSE cited in their own tweet was not even a registered domain
→ a friend buys the domain and points it at Nisarga's blog
→ CBSE quietly deletes the tweet
then it gets worse
→ 25 May: finds an SQL injection vulnerability on the live production portal
→ reports to CERT-In, gets a one-line thank you
→ gains admin access to the live https://t.co/1WpmNGsczK server
→ portal stays up for four more hours
→ he uploads anime videos and memes, links them publicly from CBSE servers
→ plays a viral Japanese song on a CBSE page, makes the news for it
→ CBSE finally takes the whole portal down
then he reads the database
→ master table accessed: 10 GB, 9.3 million records
→ examiner names, addresses, school names, bank account details
→ passwords stored in plain text
→ login tokens anyone can paste into a browser to log in as that user
→ 31 May: finds a second live CBSE production portal, 45,074 records of failed payments
→ emails, phone numbers, payment IDs, order IDs, all readable
→ 31 May, the bigger one: an AWS S3 bucket is misconfigured
→ ListObjectsV2 works without authentication, the bucket root is listable
→ samples pulled from 18 lakh scanned 2026 answer sheets, every subject
→ multiple institutions sharing the same bucket
→ also notices something strange in the scans: bedsheets visible in the background of answer sheets CBSE paid for proper scanners to handle
CBSE responds
→ posts an AI-generated image saying the system is robust and secure
→ three days later admits some vulnerabilities existed and have been contained
→ refuses to name the cybersecurity firm doing the audit
→ claims they tried contacting him. he says they have not.
→ Internet Freedom Foundation writes to the Ministry of Education and CERT-In
→ asks for an investigation into CBSE, a review of the contract with vendor Coempt EduTeck, a full audit
→ he points out he could have sold this data and made a lot of money
→ he did not. he is a CBSE student too.
→ his own analogy: the door wasn't just unlocked. the key was lying on the ground in front of everyone.
a 19-year-old with an anime pfp broke a national exam evaluation system in 30 minutes with browser developer tools and the government is still pretending it was a test environment
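The flaws listed in the thread above (OTP validated in the browser, a password reset that never checks the old password, an examiner identity taken from sessionStorage) all come from the server trusting the client. As an added example, not the portal's code and not part of the original thread, the following shows the matching server-side checks; every name, the in-memory stores and the sample IDs are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stores standing in for the server's database (assumption).
USERS = {"ex-101": None, "ex-202": None}             # examiner -> (salt, hash)
SHEETS = {"sheet-1": "ex-101", "sheet-2": "ex-202"}  # sheet -> assigned examiner
OTPS = {}      # examiner -> pending OTP, held only on the server
SESSIONS = {}  # opaque random token -> examiner

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def set_password(user_id, password):
    salt = secrets.token_bytes(16)
    USERS[user_id] = (salt, _hash(password, salt))  # never stored in plain text

def check_password(user_id, password):
    salt, digest = USERS[user_id]
    return hmac.compare_digest(digest, _hash(password, salt))

def issue_otp(user_id):
    OTPS[user_id] = f"{secrets.randbelow(10**6):06d}"
    return OTPS[user_id]  # sent out of band; never placed in the page or bundle

def login(user_id, password, otp):
    """Verify password and OTP on the server; the OTP is single use."""
    expected = OTPS.pop(user_id, None)  # consumed even when the attempt fails
    if expected is None or USERS.get(user_id) is None:
        return None
    if not (check_password(user_id, password)
            and hmac.compare_digest(expected.encode(), otp.encode())):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user_id
    return token

def reset_password(token, old_password, new_password):
    user_id = SESSIONS.get(token)  # identity from the session, not the request
    if user_id is None or not check_password(user_id, old_password):
        return False
    set_password(user_id, new_password)
    return True

def get_sheet(token, sheet_id):
    user_id = SESSIONS.get(token)  # identity from the session, not the request
    if user_id is None or SHEETS.get(sheet_id) != user_id:  # object-level check
        return None
    return f"contents of {sheet_id}"
```

Because the examiner ID is looked up from the session token on every call, editing a value stored in the browser changes nothing the server acts on.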
A lesson I wish I learned earlier: Think in decades (even while you act in days).
Daily discipline without long-term direction is dangerous. You get so focused on moving that you stop asking what you're moving toward. You optimize for the days and forget the decades. And slowly, without realizing it, you drift away from what you were actually trying to build.
There's a question I often ask myself:
How would you approach what you're doing right now if you knew you'd be doing it for the next ten years?
The question helps you avoid the short-term traps that plague every endeavor. Chasing trends at the expense of authenticity. Chasing value extraction at the expense of value creation. Chasing money at the expense of energy.
The question can be applied to every area of life:
How would you approach this relationship if you knew you'd be in it for the next ten years? You wouldn't approach it as a transaction, with your hand out, looking to extract value.
How would you approach this workout if you knew you'd be training for the next ten years? You wouldn't push yourself to injury chasing a single session.
How would you approach this work if you knew you'd be doing it for the next ten years? You wouldn't cut corners to hit an arbitrary quarterly result.
Think long. Act now.
CBSE people didn't configure their AWS bucket properly and now we can paginate & enumerate all their media which has 2026 answer sheets & question papers. ListObjectsV2 works without any auth and the bucket root is listable too — anyone on the internet can download any scanned booklet — across institutions. Multiple institutions are using the same bucket, insanely insecure.
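ListObjectsV2 is authorized by the `s3:ListBucket` permission, so a bucket owner can check a policy for statements that grant it to everyone. As an added example, not from the original post, this audit flags such statements; the sample policy, bucket name and function names are constructed, and the check reads only `Allow` statements with `Principal`/`Action` keys (it does not evaluate ACLs, `Deny` statements, `NotPrincipal`/`NotAction`, or Block Public Access settings).

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policy; the bucket name and statements are made up.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-media-bucket/*"},
    {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:ListBucket"],
     "Resource": "arn:aws:s3:::example-media-bucket"},
    {"Sid": "VpcOnlyList", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:List*",
     "Resource": "arn:aws:s3:::example-media-bucket",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}},
]})

def _as_list(value):
    # Policy fields may be a single value or a list of values.
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" and {"AWS": "*"} both mean any caller, authenticated or not.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def _grants_list(actions):
    # Action names are case-insensitive and may use wildcards (s3:*, s3:List*).
    return any(fnmatchcase("s3:listbucket", a.lower()) for a in actions)

def anonymous_list_findings(policy_json):
    """Return (statement id, severity) for each Allow that lets anyone list."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, st in enumerate(statements):
        if st.get("Effect") != "Allow" or not _is_anonymous(st.get("Principal")):
            continue
        if not _grants_list(_as_list(st.get("Action", []))):
            continue
        # A Condition narrows the grant, so it needs review rather than removal.
        severity = "conditional" if st.get("Condition") else "public"
        findings.append((st.get("Sid", f"statement-{index}"), severity))
    return findings
```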
The national high school exam of India, CBSE, has been Pwned!
This incompetent organization continues to deny the allegations against them. And a teenager has taken over their prod servers hosting the exam booklet scans of 2M test takers. They have just taken it down.
All they had to say is "can you help us fix the problem?" but their ego is too big to admit they were wrong.
Incompetence is one thing. The complete lack of accountability to the nation while your servers get catastrophically owned is another. Internet-scale embarrassment.
Dharmendra Pradhan's son is studying in America, so did Nirmala's and Jyotiraditya's.
Piyush Goyal's son is studying in Singapore, Anurag Thakur's son is studying in Canada.
S. Jaishankar's son is studying in the UK & even Smriti Irani (who hardly studied) sent her son to study there.
Nishikant Dubey's son studied in Scotland
So why would these people bother about NEET paper leak or CBSE scam or communal distortion of history by NCERT?
Or care about your children getting pushed around in trains and buses or even committing suicide?
Government of Hypocrites from Top to Bottom!!
So when @cbseindia29 found that no company met the rules it had itself set, it lowered the eligibility criteria so that at least someone would turn up. Then came a company that already had several scandals to its name.
Now @dpradhanbjp is getting reels made and @narendramodi is handing out suggestions about staying hydrated in the cabinet meeting. Spare a thought for the children too sometime, Modi ji! Hold a second round of discussion on exams itself among your ministers. So many compromises at every level?
I often wonder how many extraordinary people waste their entire lives waiting for permission from some invisible arbiter that doesn't even exist.
Misery loves those who wait. Those who look around waiting for someone to come tap them in. To give them permission to do the things they want to do.
I spent most of my life waiting for permission. Permission to live differently. Permission to pursue my weird interests. Permission to share things with the world.
But the truth is that we live in an increasingly permissionless world.
Technology has cracked the walls of credentialism.
Opportunity is more freely accessible than ever before. You don’t need a stamp of approval. You just need to create things of value. You just need to go do things.
Your entire life will change when you stop waiting for permission to live the life you want. Good things don’t come to those who wait. Good things come to those who tap themselves in.
The life you want is on the other side of the permission you give yourself to live it.
In such a horrific way, by making him suffer, 15-year-old Gaurav Sharma was murdered!
The body is in no condition to be looked at!
One cannot even imagine what his parents must be going through!
Why, after all, the silence on this murder??
#Justice_Gaurav_Sharma
After drinking the public's blood,
after record-breaking inflation,
the country's oil companies are declaring record quarterly profits.
What an amazing government: the public is suffering, the oil companies are thriving!
@MeritvsQuota And then people complain that we aren't getting good infrastructure and basic amenities. Understanding it will do wonders that it's politicians that are trying to divide and conquer. All should come together and promote meritocracy and actually will help everyone!
General Category Students with scores 100% in Exam were Rejected for Government Job.
Haryana Staff Selection Commission (HSSC) for Junior System Engineer had 50% Reservations with additional 10 Marks for SC/ST/OBC Students.
Many General Category Students scored 90/90 marks in exam but got 0 Bonus Marks due to being a General.
This makes it 90/100 of total marks they scored.
And so they got rejected for the Job.
If scoring 100% marks in exam is not enough to land you a Job then it's better to leave this country for your own good.