from Early & Adopter, comes this tip on locking down the asp.net state service to local access only.

This is great.. I ran into this just the other day when a fellow developer was looking for a way to secure the state service on an intranet. The networking guys didn't want to add yet another firewall until end of summer, and the site is in continuous development so it can get updated twice a week. When people are using it 24/7, it's annoying to reset the state, but even more annoying when people have access to state-stealing utilities. This will solve both problems, without requiring more SQL licenses.

Wonderful... I get to give him the answer and look like a brilliant hero.

Yet another reason that I can't understand why people in this industry aren't subscribed to as many rss feeds as they can find. It's to the point now where I sometimes hope that they don't find out about the .net blogsphere, as it makes me look like the most well informed developer in town.