[Dshield] Cookies from homeland security???

mike newatthis at rcn.com
Sun Oct 17 14:33:04 GMT 2004


Matthew Sowers wrote:
> What website[s] were you visiting?
>   ----- Original Message ----- 
>   From: mike<mailto:newatthis at rcn.com> 
>   To: list at lists.dshield.org<mailto:list at lists.dshield.org> 
>   Sent: Friday, October 15, 2004 3:48 PM
>   Subject: [Dshield] Cookies from homeland security???
> 
> 
>   Hey Folks,
>     On several instances I've had attempts made to set cookies supposedly 
>   from homelandsecurity.house.gov. Anybody else had this? Usually I deny 
>   them this time I let them drop in.
> 
>   Anybody know what or why?
> 
>   I'm a white male, northern eauropean descent, lived in America all my 
>   life (53 Years) and never belonged to any terrorist groups as far as I 
>   know. I consider myself a patriotic American. I don't even have any 
>   friends of Arab descent. Not predujiced just don't know any. I have two 
>   friend from India. Don't vist any sites about terrorism, bombs or 
>   anything controversial.
> 
>   Description of cookie # 1
> 
>   Name: CFID
>   Content: 1175586
>   Host: homelandsecurity.house.gov
>   Path: /
>   Send For: Any type of connection
>   Expires: Saturday, October 16, 2004 6:41:17 PM
> 
>   Description of cookie # 2 which I restricted to session only
> 
>   Name: CFTOKEN
>   Content: 93249417
>   Host: homelandsecurity.house.gov
>   Path: /
>   Send For: Any type of connection
>   Expires: at end of session
> 
>   Thanks for Any Info
> 
>   Mike Trahar
> 
>   _______________________________________________
>   DShield and the Internet Storm Center are sponsored by the SANS Institute.
>   To learn more about current SANS training, see http://www.sans.org<http://www.sans.org/> .
> 
>   _______________________________________________
>   send all posts to list at lists.dshield.org<mailto:list at lists.dshield.org>
>   To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list<http://www.dshield.org/mailman/listinfo/list>
> _______________________________________________
> DShield and the Internet Storm Center are sponsored by the SANS Institute.
> To learn more about current SANS training, see http://www.sans.org .
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
> 
Matthew,
I wasn't visiting any site. I was just firing up Mozilla (I keep it 
memory resident so it starts faster if that means anything in this 
context) and the alert popped up.

warpmedia,
If I understand your answer, I know what cookies are and what they are 
used for. I always delete all cookies and clear my cache after every 
browser session anyways. What I was wondering was why 
homelandsecurity.house.gov would try to set one. I never thought - I'm 
half asleep right now and this is probably a real dumb question but can 
you spoof a cookies origin and if so why?

Mike




More information about the list mailing list