Defcon 2007: The Wi-Fi honeypot from hell

Wireless security researchers are probably reaching for the digital Pepto-Bismol after they slurped down gigabytes of valuable traffic at the recently completed Defcon security convention in Las Vegas. A group of wireless hackers calling themselves the “Church of the WiFi” built a multi-router honeypot which captured gigabytes worth of port scans, man in the middle attacks and even some zero-day techniques.

The honeypot was made from eight Linksys wireless routers – the same kind you would find at the local retail store – along with Linksys switches. The routers were set to cover separate wi-fi channels and fed the data into the switches and out to a computer sniffer.

Security researcher Rick Mellendick built the honeypot as part of a wireless challenge that pitted participants against a heavily fortified web server. By hacking through tiers of security like WEP and WPA, Mellendick hoped that attendees could build up valuable hacking skills.

Mellendick told us that the attackers threw almost every attack in the book against his routers and servers. All the attacks were recorded and more than 60 GB worth of data was sniffed, according to Mellendick.

“It’s a lot of interesting data to go through. There were even attacks that I’ve never seen before,” he said, referring to so-called “zero-day” attacks that have no known defense.

Interestingly enough, even though the Linksys routers are designed to be stacked, Mellendick told us that he still had a lot of problems with heat. One of the routers even overheated into oblivion and had to be replaced.

“They’re getting real hot. Some of them reached 150 degrees,” he said. Thermo-regulated fans were placed on top of the routers to keep things cool. You can see the whole set up in our picture gallery link.

Mellendick hopes to improve his honeypot by adding a one-kilowatt battery pack and shrinking the setup to fit inside of portable cases. “These routers are great for penetration testing. I just need to get them into some Pelican cases,” he said.

Convicted con artist sues Apple over iPhone touch screen

A man recently convicted of healthcare fraud has filed a lawsuit against Apple on behalf of a company called SP Technologies, claiming the touch screen interface on the iPhone infringes on a patent he filed at the turn of the decade.

Peter Boesen says he filed a patent on behalf of SP for a "method and medium for readable keyboard display incapable of user termination."

The August 2000 patent includes claims like a "graphical keyboard on a touch screen display to receive input from a user" and a "graphical keyboard on the touch screen display such that the user cannot move, resize, remove, or close the graphical keyboard through the user interface while the input area remains and requires input."

The lawsuit, which was filed in a federal court in Texas, claims "the use, sale, and offer for sale of [Apple's] iPhone product and system" infringes on the company's patent.

SP also alleges that letters sent to Apple in February went unanswered. "Apple failed to investigate, respond to the letter...or take reasonable steps to avoid infringement," says SP in its lawsuit.

The backgrounds of SP and patent holder Peter Boesen may shed light on the legitimacy of the claim. Information Week reports that SP has filed patent infringement lawsuits against Canon, LG, and Kyocera in the past. Boesen also has a mark in his legal standing.

The Des Moines, Iowa surgeon was reportedly convicted of healthcare fraud in May. He was ordered to pay back more than $900,000 in fraudulent claims and was sentenced to 51 months in federal prison. He is currently free pending an appeal, but could well be incarcerated by the time the iPhone lawsuit hits the docket.

Apple has not yet commented on the lawsuit.

$1.5 billion patent suit overturned in favor of Microsoft

Microsoft is breathing a sigh of relief today, as a federal judge overturned an earlier ruling that would have forced the software giant to pay $1.5 billion to Alcatel-Lucent.

In a dispute over MP3 technologies, Southern California District Court Judge Rudi Brewster said Microsoft was not guilty of infringing patents owned by Alcatel-Lucent, and reversed the decision that Microsoft needed to pay over a billion dollars in damages.

Microsoft was ordered to pay $1.5 billion to Alcatel-Lucent in February as a result of a jury trial. The plaintiff claimed that Microsoft infringed on two of its patents.

Brewster said in one of the cases, the outcome was just wrong and Microsoft did not infringe on the patent, and in the other case the software giant got off on a technicality because Alcatel-Lucent failed to name a co-owner of the patent in the suit. Microsoft partner Fraunhofer, a European research firm, had a stake in the patent so the US court did not have jurisdiction in the case.

Alcatel-Lucent is understandably upset at this turn of events. "This reversal of the judge's own pre-trial and post-trial rulings is shocking and disturbing, especially since -- after a three-week trial and four days of careful deliberation -- the jury unanimously agreed with us, and we believe their decision should stand," said the company in a statement.

IDGNS reports Alcatel-Lucent has appealed this new ruling, which could lead to a change in the company's sought damages.