Thanks go to Steve Johnson and his Blog Nauseam post today http://www.blog.cadnauseam.com/2012/06/22/acadmedre-a-malware-emails-your-drawings-to-the-bad-guys/ for this eye opener.
I have been down on this whole cloud thing for any CAD use from day one. How many different ways can your data be hacked and it all depends upon a reliable method of access for it all to work.
The problem is that reliable accrues benefits to those who wish to steal data and not create data. You see the web can’t be made secure and the one thing, the only thing, that is guaranteed is the ability of technology to figure out workarounds for all security measures except keeping your data from any web access.
I see articles this day once again talking about how this web stuff will benefit all who use it but once again there are no comments on how to secure it. Autodesk is in my opinion going to be sued into oblivion not to long after they force their customers to the web. Unless of course they make every customer sign a EULA so ironclad that they can save themselves this way. It will only take a few high-profile cases before Autodesk will have to relent on this cloud only stuff or indeed they will suffer the consequences of customer loss. Kind of like the equivalent of data loss only for them it will customer loss.
How can any company afford to stay? I like what was stated in the article Steve quotes from.
“ACAD/Medre.A is a serious example of suspected industrial espionage. Every new design created by a victim is sent automatically to the authors of this malware. Needless to say this can cost the legitimate owner of the intellectual property a lot of money as the cybercriminals will have designs before they even go into production by the original designer. The attacker may even go so far as to get patents on the product before the inventor has registered it at the patent office. The inventor may not know of the security breach until his patent claim is denied due to prior art.”
So now Autodesk and I believe Dassault want all their users to be forced to have to work on the web. How priceless a warning is this about the perils of doing so from every direction. The one common denominator with every hack I have read about is the access to the web. All the stuff from server boards with back doors built-in to this bit of malware are rendered useless by not allowing any access to the web. The claims of tech advantages for the cloud by those who wish to make money off of it will in the end be defeated by tech designed to compromise it.
Your competitor could patent your stuff before you do as he had the finished drawings as soon as the author did!! Brilliant, this cloud thing really is good for some ahem, ah design firms should I say. Sponsored by the Chinese Board of Industry 🙂