[Dshield] Cookies from homeland security???

mike newatthis at rcn.com
Mon Oct 18 18:34:24 GMT 2004

warpmedia wrote:
> Mike-
> I am not up on the state of exploits & cookies (Mozilla is less likely 
> to be so than IE AFAIK), but it supposed to that be only source domain 
> can set & read the cookies. Either way it's a legit site using Cold 
> Fusion & CFM files to serve up content and needs to set those 2 values 
> to work.
> Since you're not browsing there manually, I'd guess your start page or 
> some other page you've been too is redirecting you to 
> homelandsecurity.house.gov & then quite normally you are getting session 
> cookies from them. I'd be more looking into why you're being redirected 
> rather than pondering further these particular cookies or domain.
> What exactly is the alert saying? I must have missed the description. 
> Could be that they don't a privacy policy defined & the browser is 
> rightly warning you (but that's just an IE6 thing IIRC).
> At 10:33 AM 10/17/2004, mike wrote:
>> Matthew,
>> I wasn't visiting any site. I was just firing up Mozilla (I keep it 
>> memory resident so it starts faster if that means anything in this 
>> context) and the alert popped up.
>> warpmedia,
>> If I understand your answer, I know what cookies are and what they are 
>> used for. I always delete all cookies and clear my cache after every 
>> browser session anyways. What I was wondering was why 
>> homelandsecurity.house.gov would try to set one. I never thought - I'm 
>> half asleep right now and this is probably a real dumb question but 
>> can you spoof a cookies origin and if so why?
> Joshua MacCraw
> warpmedia at comcast.net
> http://mywebpages.comcast.net/jmaccraw
> _______________________________________________
> DShield and the Internet Storm Center are sponsored by the SANS Institute.
> To learn more about current SANS training, see http://www.sans.org .
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list

Thanks for the info. About the alert, I just meant the warning Mozilla 
displays before it allows a site to set cookies asking whether you want 
to allow a site to set cookies. As far as being redirected I don't 
"think" I'm being redirected anywhere since I'm not connected to any 
site AFAIK.


I called CERT and the guy I spoke with hadn't heard of it but was going 
to check around and get back to me.

Thanks for the help

More information about the list mailing list