[Dshield] Cookies from homeland security???

Matthew Sowers msowers77 at msn.com
Mon Oct 18 18:54:46 GMT 2004


I use an app called protowall. It's an ip filtering app that uses many different ip lists. I have seen some weird things with many government sites. They do set a cookie and the cookie sorta of recognizes you. So whenever you visit another government site it is recorded to a central database. They are just keeping track of who is visiting where and when. Guess it is a good thing and not much of a security hazard. 
  ----- Original Message ----- 
  From: mike<mailto:newatthis at rcn.com> 
  To: General DShield Discussion List<mailto:list at lists.dshield.org> 
  Sent: Sunday, October 17, 2004 7:33 AM
  Subject: Re: [Dshield] Cookies from homeland security???


  Matthew Sowers wrote:
  > What website[s] were you visiting?
  >   ----- Original Message ----- 
  >   From: mike<mailto:newatthis at rcn.com<mailto:newatthis at rcn.com>> 
  >   To: list at lists.dshield.org<mailto:list at lists.dshield.org<mailto:list at lists.dshield.org<mailto:list at lists.dshield.org>> 
  >   Sent: Friday, October 15, 2004 3:48 PM
  >   Subject: [Dshield] Cookies from homeland security???
  > 
  > 
  >   Hey Folks,
  >     On several instances I've had attempts made to set cookies supposedly 
  >   from homelandsecurity.house.gov. Anybody else had this? Usually I deny 
  >   them this time I let them drop in.
  > 
  >   Anybody know what or why?
  > 
  >   I'm a white male, northern eauropean descent, lived in America all my 
  >   life (53 Years) and never belonged to any terrorist groups as far as I 
  >   know. I consider myself a patriotic American. I don't even have any 
  >   friends of Arab descent. Not predujiced just don't know any. I have two 
  >   friend from India. Don't vist any sites about terrorism, bombs or 
  >   anything controversial.
  > 
  >   Description of cookie # 1
  > 
  >   Name: CFID
  >   Content: 1175586
  >   Host: homelandsecurity.house.gov
  >   Path: /
  >   Send For: Any type of connection
  >   Expires: Saturday, October 16, 2004 6:41:17 PM
  > 
  >   Description of cookie # 2 which I restricted to session only
  > 
  >   Name: CFTOKEN
  >   Content: 93249417
  >   Host: homelandsecurity.house.gov
  >   Path: /
  >   Send For: Any type of connection
  >   Expires: at end of session
  > 
  >   Thanks for Any Info
  > 
  >   Mike Trahar
  > 
  >   _______________________________________________
  >   DShield and the Internet Storm Center are sponsored by the SANS Institute.
  >   To learn more about current SANS training, see http://www.sans.org<http://www.sans.org/<http://www.sans.org<http://www.sans.org/>> .
  > 
  >   _______________________________________________
  >   send all posts to list at lists.dshield.org<mailto:list at lists.dshield.org<mailto:list at lists.dshield.org<mailto:list at lists.dshield.org>>
  >   To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list<http://www.dshield.org/mailman/listinfo/list<http://www.dshield.org/mailman/listinfo/list<http://www.dshield.org/mailman/listinfo/list>>
  > _______________________________________________
  > DShield and the Internet Storm Center are sponsored by the SANS Institute.
  > To learn more about current SANS training, see http://www.sans.org<http://www.sans.org/> .
  > 
  > _______________________________________________
  > send all posts to list at lists.dshield.org<mailto:list at lists.dshield.org>
  > To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list<http://www.dshield.org/mailman/listinfo/list>
  > 
  Matthew,
  I wasn't visiting any site. I was just firing up Mozilla (I keep it 
  memory resident so it starts faster if that means anything in this 
  context) and the alert popped up.

  warpmedia,
  If I understand your answer, I know what cookies are and what they are 
  used for. I always delete all cookies and clear my cache after every 
  browser session anyways. What I was wondering was why 
  homelandsecurity.house.gov would try to set one. I never thought - I'm 
  half asleep right now and this is probably a real dumb question but can 
  you spoof a cookies origin and if so why?

  Mike

  _______________________________________________
  DShield and the Internet Storm Center are sponsored by the SANS Institute.
  To learn more about current SANS training, see http://www.sans.org<http://www.sans.org/> .

  _______________________________________________
  send all posts to list at lists.dshield.org<mailto:list at lists.dshield.org>
  To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list<http://www.dshield.org/mailman/listinfo/list>



More information about the list mailing list