German Court Says Secure Your Wi-Fi or Get Fined

unless you live in the middle of nowhere, it is stupid not to secure your network.

I believe all of us have secured our wireless network. This mainly applies to people who are less tech savvy and just getting the wireless to work for them is already a difficult task not to mention securing it.

I hope the process to set up and secure wireless network gets easy enough for most users. I just found out that one of my friends still uses default SSID, router IP address, router password, with DHCP turned on, and without encrpytion. You know what that means. I could hear the router screaming "hack me."

This is great in theory, but I'm an IT techy that works in peoples houses and ALOT haven't a clue even how to access their router, let alone anything about wireless security.

Still it's far better than the UKs new Digital Economy Bill where the connection owner IS responsible for what the connection's used for.

I wonder how this law will effect plublic connections where the key's given out to customers (Libaries, cafes, schools etc).

Another law that does not make much sense, yet limits your freedom. If you are not liable for your wireless content people can claim that their wireless was protected, but hacked and used for file sharing.

I do not block anyone from my router; however, I do try to block all possible file sharing ports for non-static routes and have uPnP disabled. If explicitly set your firewall on home PC to block all non-static IP addressed within your DHCP pool your home PC will never be discovered.

On the other note, it really sux when people block all access to wireless. When I travel there is a lot of access points, but all of them are either secured or charge for access. In the end I have to pay $15 (hotel charge) to check my email or place a call to relatives. I'm sure there are neighbors around you that do not have high speed internet and would not mind using your occasionally. Do not assume that everyone will run torrents, try to hack or abuse your internet.

Living in Germany and having leeched off plenty of Open, unsecured routers, I can say that this is a good idea. However, as pointed out, 95% of the people don't even understand what their router is there for. "it's like a modem...connected to my laptop...and it just...works."

see?

The government is doing this to try and make some cash back after bailing out that ............. in eastern europe: Greece. man the E.U is so fail right now.

(buy gold while u can!!!! especially you americans!)

Ohio has had a similar since (IIRC) 2001. There was a big bust of a pedophile in my neighborhood (who I helped catch) and he was floating around on other peoples WiFi and a few ignorant people were fined for allowing open access to illegal content.

this is a very good idea

WEP is probably what most people will put on, it's so easy to crack. i don't think it will slow down or deter wardrivers.

I agree that WEP is easy to crack. However, by cracking it, it proves malicious intent and further absolves the owner of the wireless router from legal action.

Good, extra work for the techs in Germany.

It's a good thing overall.

I did that to teach my nephew a lesson one time because he did the same thing. He spent 4 hours on the phone with the isp trying to figure out why it wasn't working. When he found out what I'd done, he sure was ...............!

Interestingly enough, some people actually LIKE to share their internet connection with society. I know several people that have their internet connection with two SSID, a protected private one and an open public one (it's really easy to do with DD-WRT). The open one is set to have minimum priority in QoS and all is good.

Not everyone is as greedy as you are it seems.

Unless those people who want to connect to my net are gonna pay me I will not allow my router to be open, just like I won't let just anyone enter my house unless I know them or am renting an apartment. I don't trust random strangers at all, cause I don't know their intentions and will not get in trouble cause of them, my router stays locked at all times.

Cracking a network, in an of itself, does NOT prove malicious intent. Lots of us do penetration testing, and have no ill-designs on the networks we crack. It's actually kind of fun to see how quickly you can breech a network.

What I don't get is why won't Linksys, D-link and whatever sell their routers with security already enabled with a random password printed on the bottom of the router? Job done!

Some people don't mind leaving the wireless router opened for others to use. Some people like to share. Don't be too quick to judge.

True, but why hack when the culprit can just drive down the road a little farther to find more unsecured routers. From my home I could hit up at least 3 unsecured routers. Poor security is better than no security. /shrug

I keep mine open. I figure if I'm paying $40 a month for high speed, I'm glad someone is using it while I'm at work.

I've had people come to my house and want to get on my wifi, but can't because of the security. People who aren't as good as some of us have trouble typing in a 40 character password and getting it right the first time, or second or third times, and eventually they give up.

I'm on my 3rd home router now, and we have our second or 3rd router at work. Each time we have to learn a different system of accessing the router, setting passwords for the router itself, and then entering WEP or WPA passwords. Then on top of that at home I've got 5 wireless devices that we have to change. This would all be a little easier if the manufacturers would standardize a little bit on how their routers work.

My brother-in-law was trying to fix my grandmother's router one day, and accidentally signed into a neighbor's router and renamed it with a new password without realizing.

This is precisely the reason that I had to turn off the wireless portion of our home's router. I live in a rural area of the US that is slowly becoming suburban. Bellsouth finally got around to giving the area DSL (the only high speed internet option without horrible latency, IE: satellite) a few years ago. The connections were "sold out" before it was even officially released.

I was one of the few people that got access, and upgraded our home from a 100Mb to 1Gb network. (Wireless router/switch, an add-on switch, Cat5e instead of a mix of recycled Cat3 & 5 cable.) I properly secured the router, and all was good. That was, until I began to notice that... even when my work laptop was not powered on, someone was using the wireless. I spoke to all of my neighbours, none of which were using it OR even knew "you could access the internet anyway other than with a modem."

So, I disabled the wireless availability of the router. (However, I retained the information the router had regarding the offending device.)

I know some people that have said, quote: "Why should I pay for internet when my neighbours have it?" The answer is simple. At least in my area, it is illegal for you to use another's wireless without their permission. A simple enough reason for me... but not for many people these days...

Germany next week will pass the following laws:

1. $300 fine if you don't lock your house doors.
2. $200 fine for not flushing the toilet.
3. $140 for not having the password prompt when you start Windows.
4. $25 for not tying your shoe lace.
5. $5 for right-clicking your mouse if you are using a Mac.
6. $40 for not having your daily beer.
7. $30 for not slugging the next person when they see a VW.

Silly lawyers. Just because there is a password doesn't mean it is secure. Type WEP and Hack into Google and you'll find many YouTube videos on how to do it in 10 minutes or less. Everyone will need a strong password and a secure protocol before it will be secure. And if this becomes law I wonder what fees providers will charge to reset your password if you forget!!

I reeeaaally don't think that's going to hold up in court very well though.

I don't know feel about this ruling. I understand the reasoning behind it, but it seem so short sighted.
1) This effectively bands Internet connection sharing and ensures that wireless ISPs don't get competition from projects like Fon Router and DD-WRT. (be prepared to pay higher price)
2) This also shift responsibility for catching the 'bad guys' from the police to private citizens and companies. If I provide access to internet and someone does something bad I will be on the hook? Why?
3) Let assume that you have set your password, but someone cracks it. Then you are going to be accused. I can hear the other side: "It must be you because your router has a password and nobody else can access it unless you actively assisted them." Now you have to spend a small fortune to prove that your password has been cracked.

I think would be much better if the responsibility stays with the police. If someone does something bad accessing my router. The police can come to me with order from the court and I will be more then happy to assist them. There is nothing better to catch the bad guy with his laptop loaded with evidences. His lawyer will have to advice him to pleat guilty.

I see this as a great opportunity for the German equivalent of Best Buy's "Geek Squad", if there is any entrepreneurial spirit left in Europe. Non-tech users will be almost compelled to call for help securing their networks.

Penetration testing without actually accessing the target network... why would it even go to court? For that matter, how would the hacker even get caught? Please don't give me a treatise on MAC logging, signal tracing, yata, yata, yata... most people (clarify: the average Joe, not the average TH reader) don't even know what a MAC address is. Besides, it's easy enough to spoof a fake one. Basically, unless you're conspiculously parked in front of someone's house on a street that normally doesn't see traffic from non-residents, your chances of getting caught are vanishingly small, even if you were abusing their network.

Some of us use other means other than a password to secure our networks. Passwords are usually weak and can be fairly easily broken as can WEP and WPA. So this whole idea of fining someone who doesn't password protect their WiFi access is totally absurd. I sure hope a law like this doesn't reach the States. Although looking at history it seems most of the Socialistic Absurd laws tend to come this way sooner or later.

I agree, maybe that will become the new norm in Germany and elsewhere soon.

This ruling may seem unnecessarily demanding, but it's definitely a good thing. Sure, there's a lot of people who won't abuse an unsecured wireless AP, but there are also a lot who will.

And for those who aren't tech savvy enough to configure wireless security, here are your options...

WPS or PBC
RTFM that came with your router (setup wizard)
Pay a high schooler $10 to do it

I just bought an Airpot Extreme and it was a really easy to set up, other companies should adopt the configuration process from apple and their airpot utility, I don't think to many people know how to access their router from the browser. I know there is a lot of apple hate around, but they really know how to make the use of a computer an easy task.
I also think that WEP and WPA passwords can be a pain, some routers will drop your connection. In this case I would rather use MAC address filtering.