@strandjs.bsky.social happy birthday mate. You are one of the heroes of the community

He seems to have completely disappeared off all social media, but happy birthday to F1nux. Wherever you are, I hope you have a good day mate.

We need help to design those cards. We need our logo on them in some way, but beyond that, we need something cheery that will make the recipients smile. Standard postcard size, no real restrictions, doesn't have to be world class artwork. Can you help? Email your designs to us or post them here

Imagine how cool it would be to see your design on a postcard and know 450 of them were sent out to people across the country? [email protected]

We need some help. We are going to work with a charity this year to send postcards to people who are socially isolated, e.g. people in care homes or hospices. Everyone will get a card in their bag that they can put a message on and then we will do the distribution.

My android left swipe news thing just lost the menu to tell it I'm not interested in things. I'm now getting pushed all sorts of stuff I don't want and can't say no.

I just got a mention on radio two for my @steelcon.info job title of chief mischief maker.

This is genius, store your card skimmer JS in Stripe and then when you've stolen the card data, store that in Stripe as well. Hats off to the criminals who thought of this. sansec.io/research/str...

Is anyone I know going to be at UK Games Expo tomorrow?

Someone got humiliated by Microsoft and now promises to shatter their bones on July 14th. The vendor's response was to call the cops. This is what happ... https://www.theregister.com/security/2026/05/28/microsoft-0-day-feud-escalates-as-researcher-threatens-another-windows-exploit-dump/5248085

Just got a PR for dvwa to fix the fact it uses md5. The comment was along the lines "why would you use something insecure like that?"

I'm going to start a trend, open toe running shoes

What a way to end a trip. @infosecmo.bsky.social I recommend a visit

I asked hashes com to crack a hash for me in August 2023 and I just got an email to say it had done it. I've no idea what it was for and there is nothing in my calendar that helps, but it's cool I've finally got it.

I've been learning some basic Ethereum block chain stuff and working through some CTFs, would anyone be interested in me doing videos or blog posts on how I solved them and stuff I learnt along the way?

Today's fun, the Seymour Sprint. 10k of beach and then tide wading for Philips Footprints #beatthetide

A big party in Sheffield centre would have an average age 20, the Liberation Day celebration in the centre of Jersey is probably 50 and it's still going off!

Driving a Nissan cashcow rental and it is the worst thing I've ever driven. The UI is almost usable but isn't

Got a Qashqai hire car. In one journey it has randomly started the engine when I took my seatbelt off and when I just opened the door. No idea what's going on but this isn't good.

Predicted shortage in aviation fuel, everyone start stockpiling it now ready for your summer holidays

Just one hour to go, get ready. ti.to/steelcon/2026

Remember, tomorrow is our second, and last, big ticket drop. Three sittings, 9:10, 13:00 and 19:00. Make sure you have your F5 fingers ready if you want to make sure you bag one before they sell out. ti.to/steelcon/2026

Kids track tickets are also on sale on Friday at 1:30pm, this is slightly after the lunchtime main drop just to try to keep things a little separate.

Workshop tickets will go on sale next week, you need a main event ticket to take one so we need everyone to be settled and know they definitely have a ticket before they start grabbing workshop tickets so we don't have to mess around cancelling them and upsetting people.

That means this Friday will be the main ticket drop. As usual, three sittings, breakfast, lunch, and dinner ti.to/steelcon/2026 This is your last chance, there may be a few more trickle out if sponsors don't take their allotments, but no guarantees.

Today is the turn of our workshops to get announced: www.steelcon.info/2026-friday-... Some returning, some new, all brilliant!

Finally found 10 minutes to update the site and put up a list of our Saturday Speakers. www.steelcon.info/2026-speakers/ We are still waiting for a few more confirmation emails from speakers to finish off the line up. I'll get the workshops up soon.

Time for a little jog round Manchester

I think I've just been trolled by Google!

I've just released a new video explaining what NPM postinstall scripts are and how they can be abused to gain a remote shell on a dev's machine or to steal secrets from GitHub. youtu.be/-S8_0LevuqY

I'd love to know how I got on the SEO spammers lists as the owner of seclist<dot>org. I regularly get emails offering to get their domain to number one on google. I do know how I got on their list for specialfriedrice, that was a really good troll and resulted in some very interesting reports.

For anyone who still uses it, I've just pushed a load of small updates to CeWL. Better email address parsing, better meta data extraction, and fixed protocol relative URL handling. Get it at github.com/digininja/CeWL

We have started sending out CFP accept emails. If you submitted but haven't got anything yet, please wait, the review process has been delayed due to illness but we will get through it as quick as we can.

A beg bounty has just come in for ssh banner version disclosure on one of my subdomains. What they failed to notice is the IP for the domain is localhost, they've scanned themselves! I'm trying to work out what to do next, I've got to get them to start attacking themselves in some way.

On Thursday someone registered a new domain and then sent me two emails from it, both from different "people" asking about my testing services. Seems like a very odd but slightly targeted attack, I'll see if they come back to me so I can work out their angle.

Time to pause the ride and sell some @steelcon.info tickets

We've still only got a couple of workshops submitted for Friday, we need some more. If you have something cool you'd like to share with the community in a hands on way, please submit it here: forms.gle/Gn6Cicdw7N6E...

The second round will be at 12 and the final round at 7pm. Kids tickets will be with the main drop after we have announced the speakers. And it looks like we might not be able to disable locking, we are working on it.

The first ticket drop off the day is at 9:10. We figured we would give you a few minutes to get a drink and settled at your office desk before opening them up. We are also going to turn ticket locking off to make it easier this year.

A reminder, our first day of ticket sales is this Wednesday. These are before the talk announcements so are perfect for those who know all the talks are going to excellent and just want to guarantee their place. ti.to/steelcon/2026

This little thing has been sitting on a local pavement since at least Friday evening. I'm so tempted to drive up and throw it in my boot, I bet it's got some good tech in it.

I've just put out a new video, What is dependency confusion, and how to exploit it. www.youtube.com/watch?v=sn7z... If you like this type of content, and think training like this could help your organisation, please get in touch.

You've got till Friday 3rd to submit your talks and workshops. We've got plenty of talks but could do with a few more workshops, so if you've got an idea, but aren't sure, submit it anyway and let us decide forms.gle/hLXt1dibQrA6...

I hate it when my machine bings at me for no obvious reason and there are 50 different apps and tabs that could have caused it.

Screw you Bugcrowd. A full, read, write, drop database given a P5 because I didn't demonstrate actually dropping the db so it is only a "not best practice" exposing the db to the world.

At the EMR Community Awards with the kids theatre group doing their play about George Stephenson.

@computerist.org happy birthday sir. Here's to many more years of hacking ahead.

We've had quite a few submissions to our CFP so far, but we still need more. If you have something interesting to share with the community, get it submitted here: forms.gle/Sx4EZNRcS9zb...

Just built a cool demo for dependency confusion with NPM. I can hijack my local packages to run malicious code. If I get time I might publish it all.