From a link at slashdot: reports that the NSA was accidentally leaving permanent cookies on user's browsers. From the article it noted that it was due to a recent software upgrade. On a hunch I went over to the NSA and discovered that, yes, it is indeed a ColdFusion site.

So - what do you think? I bet someone accidentally turned on client variables in an Application.cfm file. At least their site is reasonably secure. I "broke" the search engine but got a pretty error, and not a default error. They also covered a missing CFM as well.

Oh - and I'm not even going to comment on cookies. Get a grip. Folks should be more worried about real cookies and their health. Of course, part of the blame for the cookie paranoia falls on Netscape's shoulders. In the old days it was very hard to configure cookie support. Shoot, you couldn't even easily examine your cookies. The browser should have been a lot more open about cookies and their status.