NSA Web Site Puts 'Cookies' on Computers (from ATSNN)

SkepticOverlord, they were basically they were using it to record more information than the Federal Goverment said is legally allowed. Which is why as soon as they were "found out" they removed them, in an attempt to cover themselves.

I am not 100% sure about the U.S. Law on such issues, but that is what the article is claiming is broken.

despite strict federal rules banning most of them.

If they were not breaking the law, they would have never removed them.

A Federal Law is something passed by both houses of Congress and signed into law by the President, not some memo whipped out by a bureaucrat in the OMB. :shk:

As I mentioned, the restrictions on cookies with government websites are "rules" not "laws".

The cookies cannot store anything you don't give to the website you're browsing. The story indicated the cookies expired on 2035, which an arbitrary date set by many web applications for cookies that shouldn't expire. IBM Websphere and Webtrends are two examples of web applications that do this by default.

The "privacy advocate" sparking this story is simply looking for attention.

Assumption based, but the only crime I can imagine is invasion of privacy, but with a NSA disclaimer, I find that assumed crime to be humorous.


Odium:

If they were not breaking the law, they would have never removed them.

That is an assumption.
Removing something does not equate to guilt or wrong doing. The NSA may have simply removed them for the sake of less scrutiny or headaches from folks like Brandt. BTW, who says activism does not work? This still remains a non-story, but does reveal media's continued attempts to keep the light on the NSA and the issue of surveillance in relation to privacy rights. This AP article is nothing more than an attempt to capitalize on such issues.






seekerof

Then why would they remove them?

Surely, if it isn't illegal they would continue to do it?

Edit:

Seekerof, they are so willing to argue the other cases such as the tapping issue, if this is clearly not illegal it makes very little sense as to why they would do it.

It is clear they do not care about the negative public image and if this is clearly legal than it is case-closed.

[edit on 28/12/2005 by Odium]

Maybe because they're telling the truth and it was an accident...

It's now a PR problem created by an attention-seeking "privacy advocate" who is further creating user confusion about what cookies are and what they can do.

And... as I mentioned, there are GAO guidlines, etc., that restrict cookie use by government websites.

If it is a P.R. issue why didn't the NSA make an announcement themselves?

Why remove the cookie and wait till AP contact them to come out and admit it? Surely they would have published the mistake as soon as they knew, so people would have removed the cookie?

I think the cookie thing is a bit of a non-issue, especially since there's a custom built trapdoor for the nsa in every version of windows since win98.

A CARELESS mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows. The NSA access system is built into every version of the Windows operating system now in use, except early releases of Windows 95 (and its predecessors). The discovery comes close on the heels of the revelations earlier this year that another US software giant, Lotus, had built an NSA "help information" trapdoor into its Notes system, and that security functions on other software systems had been deliberately crippled.
. . .
He found that Microsoft's developers had failed to remove or "strip" the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called "KEY". The other was called "NSAKEY".

Fernandes reported his re-discovery of the two CAPI keys, and their secret meaning, to "Advances in Cryptology, Crypto'99" conference held in Santa Barbara. According to those present at the conference, Windows developers attending the conference did not deny that the "NSA" key was built into their software. But they refused to talk about what the key did, or why it had been put there without users' knowledge.

Source

Someone created a patch for it. You can see their site here

ADVAPI.DLL is the file in question

Originally posted by Odium
If it is a P.R. issue why didn't the NSA make an announcement themselves?

They did, here:

For site security purposes and to ensure that this service remains available to all users, this government computer system employs software programs to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage.

Except for authorized law enforcement, security, or counterintelligence investigations, no other attempts are made to identify individual users or their usage habits. Raw data logs are used for no other purposes and are scheduled for regular distribution in accordance with the National Archives and Records Administration Administrative and Management Records Disposition Schedule, Section 370-06ac. All data collection activities are in strict accordance with DoD Directive 5240.1.

NSA Disclaimer






seekerof

[edit on 28-12-2005 by Seekerof]

This will help:

GAO Implementation Of Federal Guidance For Agency Use of Cookies
pdf --> www.gao.gov...

Considering the resources of the NSA I find it hilarious that were discussing the possibility they are spying on us using cookies.

I'm solidly on the non-issue band wagon here.

Still, if its worrying anyone they can use any number of system cleaners to get rid of the cookies. I sweep my system atleast once a week as part of my standard maintenance.

Love and light my friends,

Wupy

Hey guys, regardless of the very debatable functions of cookies, the fact remains that a Government Funded Agency, with the enigma we call the NSA has placed software, of any kind on your computer without your knowlege, disclosure of, consent, or the proper legal athority to do so. As to deleting the cookies, I read recently that all the popular Spyware Eliminator programs were having to turn over source codes in the name of national security a while back, so if the NSA had placed software on your computer they were certainly aware of how to get around the Spyware Blocking software.
I wouldn't mitigate intrusions of any kind which are federally funded and undisclosed folks. From what I have read, Cookies, while mostly harmless, can be scripted to relay information, they can redirect browsers, install software, run java scripts or any number of things. Either way, it's not nice to spy on the people that sign your paycheck.

lol!!! they'll leave the borders wide open, and let the terrorists walk in. they'll even teach them microbiology in our universities so they can make better biological weapons!!! and they rely on cookies and wiretaps to protect us!

who's the acting president this week, curly, larry, or moe?

Cookie Monster Conspiracy

Originally posted by SkepticOverlord
ATS writes several cookies.

Ahhh HA! You see? YOU SEE?!?

ATS IS IN ON IT! At long last, PROOF POSITIVE that ATS is really run by the NSA!!!!!

Hurry, shut off your computer, crumple it up and eat it before it's too late!

They're on to us! Gahhhhhhh!

Man, this is a hoot. All this sort of hooey is precisely what gives conspiracy theory a bad name. :shk:

According to the article, the hullabaloo is over cookie expiration dates, not any of the wild speculation of "poisoned cookies" or "cookie scripting" or anything I've seen suggested here that isn't alleged by anyone in the article.

In other words, people are making stuff up and posting it here.

The best counter to the kind of FUD being peddled here is knowledge.

It can even be tasty.

I invite any of my fellow members who are actually alarmed about this silly little puff piece of a story to relax and have a cookie.




Edit: Modified to include secret brainwave monitoring metacode tags.



[color=gray]You must hear and obey Majic and do as he says. Majic commands: Question Everything. Go forth, my minions!



[edit on 12/28/2005 by Majic]

ATS also installs an Alexia related DOS application, and runs several third party scripts, and this is just a discussion board, not the NSA.
politics.abovetopsecret.com...

yup majic, just another nonstory, but so was this one...

Originally posted by twitchy
I read recently that all the popular Spyware Eliminator programs were having to turn over source codes in the name of national security a while back

[edit on 28-12-2005 by twitchy]

Source Lode

Originally posted by twitchy
yup majic, just another nonstory, but so was this one...

Originally posted by twitchy
I read recently that all the popular Spyware Eliminator programs were having to turn over source codes in the name of national security a while back

If there's no source for it, then yes, it's a nonstory.

So, um, where did you read that, and what does it have to do with the NSA website writing cookies?

Originally posted by Majic
So, um, where did you read that, and what does it have to do with the NSA website writing cookies?

It was, um, a story on ZDNet, Yahoo and Wired News almost a year ago swami, and Do I Really Have To Answer your other question for you?

Odium, If I may.......... Please try FIREFOX Internet Explorer.
There is much more security on that IE. I have to do background checks and use NSA,FBI & othe sites to get my work done. They ALL check as to who was there, what you looked at, and what time it was. FireFox IE blocks those cookies. You can look at the site but the info will not download.
If you have things like a 2Wire or other DLS or box that transmit your internet over the wire......... you might have some geek down the raod with a laptop and a wireless net and some FREE software you can download checking you out looking over your bank account!

Snipe Hunt

Originally posted by twitchy
It was, um, a story on ZDNet, Yahoo and Wired News almost a year ago swami, and Do I Really Have To Answer your other question for you?

Nope, you are free to let this answer speak for itself.