German Court Says Secure Your Wi-Fi or Get Fined

[SAL-e]

I don't know feel about this ruling. I understand the reasoning behind it, but it seem so short sighted.
1) This effectively bands Internet connection sharing and ensures that wireless ISPs don't get competition from projects like Fon Router and DD-WRT. (be prepared to pay higher price)
2) This also shift responsibility for catching the 'bad guys' from the police to private citizens and companies. If I provide access to internet and someone does something bad I will be on the hook? Why?
3) Let assume that you have set your password, but someone cracks it. Then you are going to be accused. I can hear the other side: "It must be you because your router has a password and nobody else can access it unless you actively assisted them." Now you have to spend a small fortune to prove that your password has been cracked.

I think would be much better if the responsibility stays with the police. If someone does something bad accessing my router. The police can come to me with order from the court and I will be more then happy to assist them. There is nothing better to catch the bad guy with his laptop loaded with evidences. His lawyer will have to advice him to pleat guilty.

 

[husker]

I see this as a great opportunity for the German equivalent of Best Buy's "Geek Squad", if there is any entrepreneurial spirit left in Europe. Non-tech users will be almost compelled to call for help securing their networks.

 

[jellico]

[citation][nom]Kelavarus[/nom]I reeeaaally don't think that's going to hold up in court very well though.[/citation]
Penetration testing without actually accessing the target network... why would it even go to court? For that matter, how would the hacker even get caught? Please don't give me a treatise on MAC logging, signal tracing, yata, yata, yata... most people (clarify: the average Joe, not the average TH reader) don't even know what a MAC address is. Besides, it's easy enough to spoof a fake one. Basically, unless you're conspiculously parked in front of someone's house on a street that normally doesn't see traffic from non-residents, your chances of getting caught are vanishingly small, even if you were abusing their network.

 

[waikano]

Some of us use other means other than a password to secure our networks. Passwords are usually weak and can be fairly easily broken as can WEP and WPA. So this whole idea of fining someone who doesn't password protect their WiFi access is totally absurd. I sure hope a law like this doesn't reach the States. Although looking at history it seems most of the Socialistic Absurd laws tend to come this way sooner or later.

 

[wildwell]

[citation][nom]sot010174[/nom]What I don't get is why won't Linksys, D-link and whatever sell their routers with security already enabled with a random password printed on the bottom of the router? Job done![/citation]
I agree, maybe that will become the new norm in Germany and elsewhere soon.

 

[johnnyupgrade]

This ruling may seem unnecessarily demanding, but it's definitely a good thing. Sure, there's a lot of people who won't abuse an unsecured wireless AP, but there are also a lot who will.

And for those who aren't tech savvy enough to configure wireless security, here are your options...

WPS or PBC
RTFM that came with your router (setup wizard)
Pay a high schooler $10 to do it

 

[rf88he102]

I just bought an Airpot Extreme and it was a really easy to set up, other companies should adopt the configuration process from apple and their airpot utility, I don't think to many people know how to access their router from the browser. I know there is a lot of apple hate around, but they really know how to make the use of a computer an easy task.
I also think that WEP and WPA passwords can be a pain, some routers will drop your connection. In this case I would rather use MAC address filtering.

 

[anamaniac]

[citation][nom]wildwell[/nom]I agree, maybe that will become the new norm in Germany and elsewhere soon.[/citation]
Ummm.... my router by default has a password, and it's printed at the bottom of the router. It's a D-Link.

I didn't mind sharing my wireless, I just decided to stop when 10 people were using it at once.

 

[Gin Fushicho]

Good job Germany. =)

 

[icepick314]

WPA2 Wireless Router Setup

SSID: PasswordIs12345
Password: 12345

Problem Solved

 

[chunkymonster]

[citation][nom]jellico[/nom]Cracking a network, in an of itself, does NOT prove malicious intent. Lots of us do penetration testing, and have no ill-designs on the networks we crack. It's actually kind of fun to see how quickly you can breech a network.[/citation]Penetration tests are typically done as part of an overall security assessment of a customer's network. There is a significant difference between being paid to assess the quality and level of a network's security and randomly deciding to crack someone's home wireless. And, in the context of this article and regarding the German law, cracking a secured (WEP or otherwise) network that you have no business or contract agreement to crack, is malicious intent.

 

[NapoleonDK]

[citation][nom]johnnyupgrade[/nom]Pay a high schooler $10 to do it[/citation]Or a middle schooler $5. Seriously.

 

[JOSHSKORN]

If you don't know how to secure a network then you have no business being online from home. Go use a public computer. Just don't be a complete idiot about it. Don't save your passwords, don't type in your social security or credit card numbers or anything.

 

[eddieroolz]

Better off if everyone secures their network, anyway. So this decision is a good one.

 

[Kohlhagen]

[citation][nom]PeanutsRevenge[/nom]This is great in theory, but I'm an IT techy that works in peoples houses and ALOT haven't a clue even how to access their router, let alone anything about wireless security.Still it's far better than the UKs new Digital Economy Bill where the connection owner IS responsible for what the connection's used for.I wonder how this law will effect plublic connections where the key's given out to customers (Libaries, cafes, schools etc).[/citation]

How are you an IT tech without even knowing default router IP addresses or how to secure them properly?

 

[FSXFan]

[citation][nom]JOSHSKORN[/nom]If you don't know how to secure a network then you have no business being online from home. Go use a public computer.[/citation]
Why don't you try telling that to your mom? Chances are she doesn't know how to secure her network.

 

[JohnnyLucky]

I wonder if it would have been better to have a public service advertising campaign.

 

[kelemvor4]

[citation][nom]sot010174[/nom]What I don't get is why won't Linksys, D-link and whatever sell their routers with security already enabled with a random password printed on the bottom of the router? Job done![/citation]Because almost every single person who bought one would plug it in and expect it to work and when it didn't they'd call tech support increasing costs for the company who made it.

 

[joex444]

I don't have any WPA or WEP enabled. I've found the access point is slow with that enabled, go figure it's old.

Anyways, MAC address filtering and disabled SSID broadcast. Yes, I'm aware it's easily hacked by anyone wishing to intercept packets but with 17 other access points visible, wouldn't you choose one of those first?

 

[techguy911]

One huge problem with this no wifi is safe no matter what system you use it can be hacked in 9 mins max, there are kits floating around all over the internet.
Current standards are no longer considered safe and they need to use something a lot more secure.

 

[hemelskonijn]

The wait is for the first person who is getting jail time because some on raped or murdered another person in his or her backyard.

Most ISP's in Germany already send out routers that have a password printed on the bottom so that should not be the problem. However i strongly believe it is a nice thing to leave (a portion) of the network open for those surrounding me that are either on the go or cant afford a wireless network them self. For as far as i know on the (soft 90% hard) 12% of my network that is open there are 3 playstations running every night and the kids using them are more then thankful for being able to use it. other then that there are some returning users and a few that only seem to stop by once but in more then 10 years time no one really felt like abusing it. If you wanted a network for either spam or downloads would it not be way smarter to use some high speed internet connection ?, personally i would grab a business connection after hours since then all the bandwidth is mine!

My botnet controller has run for almost 4 years before KPN stopped selling their experiabox routers and thus replaced them in their stores and by that move killed my connection to them. To get my botnet controller back i would simply walk in to the store pretend to be a customer and reconfigure it for my needs (not that there is any need since my small botnet is created for fun and education purpose).