The Borrowed Cursor - Stan Fockner

Many years ago, during its very early development, I was assigned to the COSICS Project Office as a "Deputy Project Manager". My role, according to Doug Woods, who sent me there, was to "stay on top" of technical security considerations as the project developed. There were humongous libraries of security rules, regulations and standards that applied and many government organizations and agencies that needed to be satisfied that the system was secure. NACSEM was just part of the larger picture. Ever hear of the RAINBOW SERIES? Well, ask Vince Tarasco... he can tell you.

I enjoyed this work initially but, as the project moved to the implementation phase, I was delighted to return to my substantive role as Deputy Director of Technical Security Operations. Bill Shadforth replaced me on the COSICS team as the Deputy Project Manager - Implementation. Larry McKeown and Donald Graham became the lead installers and coordinated its installation in Ottawa and Washington.

Having returned to Technical Security full-time gave me an opportunity to look at COSICS from a different and more practical perspective. But first, I would need a "users" course so I would know how to send and receive messages. Instead, I wrangled a COSICS account for Lyal Collins, who was a Senior Technical Security Inspector seconded to DFAIT by the Australian Technical Security Service (ATSS).

Lyal was both a technical keener and a great Ambassador to Canada for the ATSS. He loved his work and the opportunity (excuse) to experiment and learn new things. We were kindred spirits in this respect and spent hours discussing potential security vulnerabilities of all kinds.

Having completed his COSICS User's course, Lyal was rewarded with a COSICS account and a VT220 terminal was installed for his use. He quickly began to explore the capabilities of the system after acquiring a collection of manuals that he actually read. One of the first things he discovered was that the user workstations contained several "character sets". This means they could draw forms and display characters unique to foreign languages as well as English and French. One of the character sets produced gibberish.

Lyal determined these characters were activated by embedding "escape sequences" within the text of a message so that the receiver's terminal would display the alternate characters. You could not see these characters but could witness the results. We discussed this in some detail because this feature had the potential to raise havoc. They were certainly not "forbidden" in any of the security bibles. He needed a second COSICS terminal to send messages to, so we could see the extent of this potential problem.

Doug Woods, one of the fathers of COSICS, was in a position where we thought he could organize a second terminal. We asked. He declined, but suggested we could send messages to his account on the system providing we promise not to damage the system or impair its security. Art Barrett and Vince Tarasco were also involved as "testers". We had to admit that the installation of a second COSICS terminal in Lyal's office might have been viewed as luxurious because they were in very short supply, great demand and rather costly to install. On the other hand, we had to be careful not to appear to be "knocking" what had been designed as a secure system.

No one said we couldn't have a bit of fun while uncovering vulnerabilities and developing solutions in Technical Security. So we did.

Lyal's first message to Doug was sent three days later. It consisted of two pages with three very carefully crafted paragraphs.

- The first paragraph thanked Doug for his co-operation and reiterated the need for a second COSICS terminal.

- The second paragraph reported that we had made some progress "building a second terminal" from spare parts salvaged from equipment damaged during shipment.

- The third paragraph described the difficulty of acquiring a "character set" for the terminal (which was nonsense) and stated that we would like to borrow his. Then, just as Doug scrolled down to read page two, a special escape sequence which Lyal buried in the first line of the second page caused Doug's terminal to display gibberish.

Lyal's phone rang shortly thereafter. Apparently Doug had tried to scroll back to the first page and found that it too was gibberish. Lyal explained what had been done and suggested the quickest way to restore normal operation was to turn the terminal off and then on again. "And Doug, just delete that message so it doesn't mess up your terminal if you accidentally open it again."

The next day a much shorter message was sent to Doug. This message apologized for the inconvenience caused by the previous message and explained that we had our second terminal nearly working. "All we need now is the cursor that we forgot to collect yesterday," which, as Doug read the message, went missing from his screen.

It took no further persuasion to have a fix made to the COSICS software so users would not "accidentally" embed escape sequences in their messages.
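The page does not say how the COSICS fix worked. As an added example (not COSICS code, and not from the author), here is one way a message system can neutralize embedded terminal control sequences before text reaches a recipient's screen; it generalizes beyond the character-set and cursor cases in the story to the other control functions a VT-style terminal acts on. The function name and the sample message are constructed for illustration.

```python
import re

# Terminal control functions (ECMA-48 / DEC VT series), most specific first.
_CONTROL = re.compile(
    r"""
      (?:\x1b\[|\x9b)[0-?]*[\ -/]*[@-~]        # CSI sequence, 7-bit or 8-bit introducer
    | (?:\x1b[P\]X^_]|[\x90\x98\x9d-\x9f])     # DCS/OSC/SOS/PM/APC string introducer
        .*?(?:\x1b\\|\x9c|\x07)                #   ... up to its terminator (ST or BEL)
    | \x1b[\ -/]+[0-~]                         # ESC + intermediates (character-set designation)
    | \x1b[0-~]                                # two-byte escape
    | [\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f]    # other C0/C1 controls: SO/SI, lone ESC, DEL
    """,
    re.VERBOSE | re.DOTALL,
)


def sanitize_message(text):
    """Return (clean_text, findings).

    findings is a list of (offset, repr_of_sequence) for every control
    function removed, so the caller can log or reject the message.
    Tab, line feed and carriage return are the only controls kept.
    """
    findings = [(m.start(), repr(m.group())) for m in _CONTROL.finditer(text)]
    return _CONTROL.sub("", text), findings


# Constructed sample message (hypothetical, for illustration only).
SAMPLE = (
    "Page one reads normally.\n"
    "\x1b(0Page two starts after a character-set designation.\n"
    "\x1b[?25lThis line follows a cursor-visibility sequence.\n"
    "\x0eShift Out selects the G1 set.\x0f\n"
    "Tabs\tand newlines are kept.\n"
)

if __name__ == "__main__":
    clean, found = sanitize_message(SAMPLE)
    for offset, seq in found:
        print(f"removed {seq} at offset {offset}")
    print(clean, end="")
```

A submission-time check can refuse any message whose findings list is non-empty instead of silently stripping, which also leaves a record of who tried to send what.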


-----Original Message-----
From: Lyal Collins [mailto:lyal.collins at key2it.com.au]
Sent: Monday, March 12, 2007 5:44 PM
To: 'Savant ITC'
Subject: RE: The Borrowed Cursor
 
Hi Stan,
Yes this is a good one.
However, I thought Vince Tarasco was the co-opted tester (or one of them), and/or Art Barret.
 
Other examples of 'havoc' were to 'steal' half the screen, make the text size bigger, and to add a blank line after every line.
Let's not mention that those escape sequences that didn't affect the terminal sometimes did 'crash' the terminal servers in the basement, putting a number of users offline/out of service until they were restarted. Or should we/you?
Cheers Lyal

 


OFARTS Canada 2006 -2007 Old Foreign Affairs Retired Technicians, Canada The opinions expressed here are those of the contributors. Accuracy of facts has not been verified in all cases.