A French Security researcher who goes by the pseudonym "Elliot Alderson" has been on a rampage of security testing Indian sites for vulnerabilities and data breaches after the denial prone UIDAI dismissed issues raised by him and repeated their assertions of Aadhaar being safe. This, frankly, is bait to any security conscious person who knows that any tech being deemed perfectly safe is meaningless and when claimed by the creator about their own tech signifies ignorant arrogance. Alderson, whose core area of competence appears to be Android apps and penetration testing proceeded to bring up increasing examples of security issues, leaving developers of various sites scrambling to respond to them. He has pointed out security flaws in several Indian sites including Punjab police, ISRO, India Post, Apollo hospitals, Aligarh University, Mumbai University, Telangana NREGA, Bangalore City Police and PayTM among others. In most of the cases, he was able to get in touch with developers (India Post, ISRO, PayTM and others) and have the issues fixed before revealing details about them. Others have maintained silence. Others like PayTM or BSNL may have attempted to save face, but also fixed the reported issues and stopped defending them. Alderson has brought up issues faced by Indian researchers in getting attention to security issues due to disinterest shown by the government in responding to bug reports. Only the UIDAI appears to have persisted along the route of dismissing the issues as unimportant. Among the security issues he flagged were the details of Aadhaar…
