Tuesday, February 28, 2006

Ruby URLs

Erik Veenstra's home page - Home of RubyScript2Exe and AllinOneRuby - a standalone, no-install version of Ruby, ideal for running from a USB key. I was surprised at how "small" the .exe's generated by Script2Exe were - 700kb on Windows, not bad considering.

Ruby Application Archive - Nice starting point for Ruby based applications or libraries.

Ruby Doc - This is a great site. The search is fantastic for locating libraries.

Oh yeah and the Ruby Home Page

Monday, February 27, 2006

Clear bookshelf

Well after belting out 3 Ruby progs in quick succession including a prog to detect writable WebDAV directories I have boxed up all my programming books and cleared the bookshelves to make way for 2 Ruby books.

I am loving coding again.

Wednesday, February 22, 2006

Book burning

I am burning all my coding books... Java, Perl, C++ - all going. Why? Because I just discovered Ruby!

A colleague told me about Ruby and I must admit I was pretty ambivalent about it... another language to learn, blah blah blah, that is until another colleague and I happened to encounter a pen testing problem where no reliable tools existed. I suggested we try and solve the problem with Ruby as an opportunity to learn.

Within half an hour we had a basic working brute forcing tool running, an hour later we had a tool that was able to read in user name lists, brute force the protocol we were attacking and output successful connections. From go to whoa in under an hour and a half with zero knowledge of the language.

So I am addicted to Ruby and all my future programming will be done in this great object-oriented cross-platform language. I could go on about Ruby but someone else has already done a more thorough job than I could... check out 37 Reasons I Love Ruby.

Shoutz to nighty and chaos.

SQL anything (almost)

This is a free tool from Microsoft that I have found really useful of late: Log Parser. Log Parser allows you to specify a myriad of input formats including:
and then run SQL commands against the input files as if they were a database table, outputting the data to another myriad of output formats including:
One command line of easy-to-understand syntax (if you know SQL) can convert XML to a CSV file with data conversion along the way. Extremely handy against Event logs (failed login attempts), IIS and firewall logs.
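A query of the kind described above for failed login attempts, added here as an example and not taken from the original post. It assumes the Windows 2000/XP/2003 event numbering (event ID 529, unknown user name or bad password) and that event's `Strings` field order; the file names and the threshold of 5 are also assumptions.

```sql
-- failed_logons.sql (constructed example; file names are assumptions)
-- Run against the local Security event log with:
--   LogParser.exe file:failed_logons.sql -i:EVT -o:CSV
--
-- The EVT input format exposes each event's insertion strings as one
-- pipe-separated field, Strings. For event ID 529 the assumed order is:
--   0 = user name, 1 = domain, 2 = logon type, 5 = workstation name
-- Check the positions against a sample event before relying on the output.
SELECT
    EXTRACT_TOKEN(Strings, 0, '|') AS UserName,
    EXTRACT_TOKEN(Strings, 1, '|') AS Domain,
    EXTRACT_TOKEN(Strings, 2, '|') AS LogonType,
    EXTRACT_TOKEN(Strings, 5, '|') AS Workstation,
    COUNT(*)                       AS Failures,
    MIN(TimeGenerated)             AS FirstSeen,
    MAX(TimeGenerated)             AS LastSeen
INTO failed_logons.csv
FROM Security
WHERE EventID = 529
GROUP BY UserName, Domain, LogonType, Workstation
-- Report only accounts with repeated failures (threshold is an assumption)
HAVING COUNT(*) >= 5
ORDER BY Failures DESC
```

Many failures for one account from a single workstation, or for many accounts from the same workstation, are the rows worth reviewing first.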

Hidden tools

If you are running Windows and have installed some version of the .NET Framework then do a search for jsc.exe, vbc.exe and csc.exe. These are actually compilers for JScript (jsc.exe), Visual Basic (vbc.exe) and C# (csc.exe). The compilers can output standalone command line or Windows executable files.

Wednesday, February 01, 2006

Windows Vulnerabilities vs Linux Vulnerabilities

CERT recently reported on the number of Linux/Unix and Windows vulnerabilities discovered in 2005. There were nearly 4 times as many Linux/Unix vulnerabilities found in '05 as there were Windows vulnerabilities. (Linux/Unix 2,328 vs Windows 812).

A colleague and I were discussing the numbers and his spin on it was that this trend will continue with the number of Windows vulnerabilities declining over time and the Linux/Unix vulnerabilities stabilising or slightly increasing. His reasoning (and I totally agree) is that Microsoft has got very serious about secure code and security by default whereas the Linux/Unix side of the fence is more fragmented and often contributed to via Open Source by well-meaning but possibly not security-minded folk.

Personalised Google Home Page

Check out http://www.google.com/ig - which lets you personalize your Google start page. This is really awesome, I use it to aggregate all my Security RSS news feeds, keep tabs on my GMail account and check the weather (just in case I want to go outside into the real world :)

The service uses predefined content from a range of information providers or it can hook into any RSS feed.
