[Dshield] Cookies from homeland security???

Roland Green rgreen at plannedbuy.com
Tue Oct 19 13:30:16 GMT 2004


Mike if you are really concerned why don't you install a personal 
firewall like the one Symantec makes (Norton Personal Firewall).  There 
is an option to force every application on the machine to be granted 
permission before they access the Internet.  Or you can just put your 
machine behind a hardware firewall and block all the ports.  Then read 
the logs and uses Fprod to track down which application that is trying 
to use the Internet without your intervention.

After reading your initial profile (personal description) I did notice 
that although you are not of middle eastern decent or an associate there 
of (as stated in your profile) that you do match the general profile of 
a US. Domestic Terrorist (ie those who bomb  lumber companies and 
companies who sell / harvest animal fur). If you are indeed being 
tracked and all they are doing is setting a cookie, consider yourself 
fortunate because they could  initiate satellite monitoring of your home 
and replace your "cable box" and "computer modem" with the new model 
CIA-FBI-NSA-245 Time Warner/Comcast/Cablevision addition.


Welcome to crazy world :-D

mike wrote:

> warpmedia wrote:
>
>> Mike-
>>
>> I am not up on the state of exploits & cookies (Mozilla is less 
>> likely to be so than IE AFAIK), but it supposed to that be only 
>> source domain can set & read the cookies. Either way it's a legit 
>> site using Cold Fusion & CFM files to serve up content and needs to 
>> set those 2 values to work.
>>
>> Since you're not browsing there manually, I'd guess your start page 
>> or some other page you've been too is redirecting you to 
>> homelandsecurity.house.gov & then quite normally you are getting 
>> session cookies from them. I'd be more looking into why you're being 
>> redirected rather than pondering further these particular cookies or 
>> domain.
>>
>> What exactly is the alert saying? I must have missed the description. 
>> Could be that they don't a privacy policy defined & the browser is 
>> rightly warning you (but that's just an IE6 thing IIRC).
>>
>> At 10:33 AM 10/17/2004, mike wrote:
>>
>>> Matthew,
>>> I wasn't visiting any site. I was just firing up Mozilla (I keep it 
>>> memory resident so it starts faster if that means anything in this 
>>> context) and the alert popped up.
>>>
>>> warpmedia,
>>> If I understand your answer, I know what cookies are and what they 
>>> are used for. I always delete all cookies and clear my cache after 
>>> every browser session anyways. What I was wondering was why 
>>> homelandsecurity.house.gov would try to set one. I never thought - 
>>> I'm half asleep right now and this is probably a real dumb question 
>>> but can you spoof a cookies origin and if so why?
>>
>>
>>
>> Joshua MacCraw
>> warpmedia at comcast.net
>> http://mywebpages.comcast.net/jmaccraw
>> _______________________________________________
>> DShield and the Internet Storm Center are sponsored by the SANS 
>> Institute.
>> To learn more about current SANS training, see http://www.sans.org .
>>
>> _______________________________________________
>> send all posts to list at lists.dshield.org
>> To change your subscription options (or unsubscribe), see: 
>> http://www.dshield.org/mailman/listinfo/list
>>
> warpmedia,
>
> Thanks for the info. About the alert, I just meant the warning Mozilla 
> displays before it allows a site to set cookies asking whether you 
> want to allow a site to set cookies. As far as being redirected I 
> don't "think" I'm being redirected anywhere since I'm not connected to 
> any site AFAIK.
>
> Pete,
>
> I called CERT and the guy I spoke with hadn't heard of it but was 
> going to check around and get back to me.
>
> Thanks for the help
> _______________________________________________
> DShield and the Internet Storm Center are sponsored by the SANS 
> Institute.
> To learn more about current SANS training, see http://www.sans.org .
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list
>




More information about the list mailing list