ubiquitin writes: Web application security researcher Arian Evans has posted previously unrelease details of Microsoft's.NET 1.1 string validation routines. This includes anti cross site scripting request validation routines as well as a more generic ValidateString method. Such disclosure is expedient for all appsec researchers wishing to find holes in.NET applications.
Carl Bialik from WSJ writes: "More companies are forgoing desktop and laptop computers for dumb terminals — reversing a trend toward powerful individual machines that has been in motion for two decades, the Wall Street Journal reports. 'Because the terminals have no moving parts such as fans or hard drives that can break, the machines typically require less maintenance and last longer than PCs. Mark Margevicius, an analyst at research firm Gartner Inc., estimates companies can save 10% to 40% in computer-management costs when switching to terminals from desktops. In addition, the basic terminals appear to offer improved security. Because the systems are designed to keep data on a server, sensitive information isn't lost if a terminal gets lost, stolen or damaged. And if security programs or other applications need to be updated, the new software is installed on only the central servers, rather than on all the individual PCs scattered throughout a network.'"