Ars Technica on Canary box aiming to lure hackers into honeypots so they are captured prior to becoming national news:
A honeypot system should be much less susceptible to false alerts, since almost any access to a honeypot system should, by definition, be suspicious.
The Canary box aims to tackle this problem, offering the reliable reporting of a honeypot, but without the complex configuration. In fact, Thinkst says that configuring Canary should only take a few minutes. A hardware button is used to put the Canary into “configuration” mode. An administrator then connects to the Canary with Bluetooth and chooses the personality it should use: it can masquerade as, for example, Windows Server 2008, Linux, and ReadyNAS—and the services it offers. A fake Windows server can offer Windows shares, host some exciting looking files such as “salaries.xls,” or “top-secret-project.docx,” or whatever else is chosen.
After that initial configuration, the device can then be left alone. The Canary will report attempts to access it through an online management console; if someone port scans it, tries to connect to its network services, or opens files from it, it’ll immediately send an alert.
Canary won’t catch every intruder—one that knows exactly what they’re looking for probably won’t be tempted to look for the tempting treats on the honeypot—but it should nonetheless provide an easy way of finding unauthorized network access that isn’t prone to false positives. Compared to many enterprise-oriented security offerings, it’s also affordable: $5,000 a year for two Canary devices and management through the online console.
Sounds like an interesting device to play around with and test its capabilities.