talking to @ni5arga and @datavorous_ motivated me to f*** with indian gov websites and turns out i found a flaw in @NTA_Exams jee mains and cuet website that allowed me to reset the password of all accounts,
posting now because it has been fixed now
amazed at @IndianCERT speed
My god... please watch this. I swear this country is being held together by a chewing gum. @ni5arga well done on exposing these vulnerabilities and even answering the media so confidently. I know this is not easy for you and took a lot of courage 🙌
"They said they are working with IIT, it is a buzzword for them, they will throw IIT at people and tell them it's ok, it's under control" - @ni5arga
😂🤣
The reason Modi remains totally silent on crises like the CBSE OSM fiasco is that the issue will then reach the entire Indian population quickly, which otherwise would be restricted to a small group of directly affected folks, as the entire Godi Media suppresses stories with an unmatched zeal, and WhatsApp University creates diversions and new nonsense every hour. So issues die their unnatural early death, and he simply moves on.
Repeat on loop.
The govt should consider creating a national pool of young ethical hackers, cybersecurity researchers, and talented students to regularly test the security of its websites and digital infrastructure.
Every year, crores are spent on private contractors to build and maintain govt portals. Yet many remain slow, poorly designed, vulnerable to security flaws, plagued by glitches, and raise concerns about data privacy.
As the recent CBSE controversy showed, even a small technical vulnerability can trigger confusion, mistrust, and nationwide outrage. So why not tap into the talent that already exists in the country?
A structured bug bounty and security-audit program, with attractive rewards, would encourage some of India's brightest minds to identify vulnerabilities before malicious actors do. The cost would be a fraction of current spending and should be made part of contractors' obligations.
While some govt platforms already have bug bounty programs, the current approach is either not comprehensive enough or not effective enough. A stronger, centralized, and better-funded system may be needed. No system is perfectly secure, but having thousands of skilled people actively looking for weaknesses is more effective than relying solely on a handful of vendors.
A researcher found critical Windows zero-days.
Reported them to Microsoft.
Microsoft denied the bug bounty.
Deleted their account.
Banned them from GitHub.
Then threatened criminal charges.
The researcher dropped six zero-days in six weeks.
Three got used in real attacks within days.
Other researchers are now handing them free vulnerabilities as a gift.
Microsoft’s Digital Crimes Unit is considering legal action.
Against the person whose bugs they refused to pay for.
This is Microsoft’s bug bounty program.
CBSE people didn't configure their AWS bucket properly and now we can paginate & enumerate all their media which has 2026 answersheets & question papers. ListObjectsV2 works without any auth and the bucket root is listable too — anyone on the internet can download any scanned booklet — across institutions. Multiple institutions are using the same bucket, insanely insecure.
If Pakistan dares to launch a nuclear missile, India will strike back instantly.
S-400, AAD, and Prithvi Air Defence — we’ll destroy it mid-air before it hits.
“No First Use” is our policy, but the response will be unforgettable.
(An excellent cinematic presentation)
Huge: Something that most people (including me) missed yesterday but spotted by @detresfa_—the IAF also struck an air defence site in Karachi’s Malir Cantt. This campaign just keeps getting bigger with more details emerging.
Please circulate this.
It should reach every Indian.
FM S JaiShankar ji's clarification should be widely publicized.
Something which should be VIRAL.
Jai Hind 🇮🇳
THREAD: The Ghost Who Stared Back: Ajit Doval’s Secret War for Bharat
Some heroes hold swords.
Others walk into the enemy’s den wearing a smile, a fake beard, and no backup.
Ajit Doval was never just a man.
He is Bharat’s eyes in the dark, its mind in the shadows, and when needed, its wrath in silence.
From disguises to diplomacy, espionage to execution; Ajit Doval’s life isn’t a story. It’s a multi-decade operation.
Let me tell you a story.
1/