from the finally dept
The Helsinki branch of financing firm GE Money apparently was scammed recently. Here's how it worked: (1) the company's own head of data security (2) stole banking software from the company after which he (3) took confidential users passwords for its bank accounts. He then (4) stole money from GE Money's accounts by transferring it to a (5) secret account he had set up months earlier. Oh yeah, he did this last bit (6) via an open WiFi connection.All those other things? No big deal. The problem here, according to many in Finland, was the open WiFi, the use of which was later outlawed (apparently via case law) (Updated to clarify that it was the use of open WiFi that was made illegal, not setting up open WiFi).
Thankfully, it looks like regulators there have now realized this was a total overreaction. Slashdot points us to the news that the Finish Justice Ministry is preparing to legalize the use of open WiFi (Google translation from the original Finnish) after realizing that open WiFi is both widely used and incredibly useful.
Finally, a side note, because this has come up before from commenters who think that I'm being inconsistent: supporting open WiFi does not mean that you support individuals not protecting themselves when using the open WiFi. In past threads, it was suggested that supporting open WiFi while pointing out how silly it is for people to complain about their own poor security habits was in disagreement. It is entirely reasonable and consistent to support open WiFi (at the access point level) while suggesting that individuals (at the user level) encrypt their own data. In fact, that's quite a useful situation: more open WiFi, but security at the user level, is really a situation that works best for everyone.