Thoughtful, detailed coverage of everything Apple for 28 years
and the TidBITS Content Network for Apple professionals
Rich Mogull

Rich Mogull has been working in the security world for over 20 years, and breaking computers (usually by accident) even longer. After about 10 years in physical security (mostly running large events/concerts), he made the mistake of getting drunk in Silicon Valley and telling someone he “worked in security.” Next morning he woke up with a job as an IT security consultant. That’s not totally true, but it’s far more amusing than his full biography. He currently works as the VP of Product for DisruptOPS and an independent security analyst at Securosis.com. He previously spent seven years as an analyst with Gartner. Rich is also a paramedic, has done stints as a firefighter and with Rocky Mountain Rescue, and recently retired from ski patrol when he moved to sunny Arizona. He still dabbles in disaster medicine, when nature cooperates.

Rich Mogull 9 comments

I’m a Paramedic: Here’s How the Apple Watch Series 4 Will and Won’t Save Lives

The Apple Watch Series 4 promises to detect falls, identify atrial fibrillation, and let wearers take electrocardiograms on demand. Rich Mogull draws on his paramedic training to evaluate how effective each of these technologies is likely to be.

Rich Mogull 18 comments

Mojave’s New Security and Privacy Protections Face Usability Challenges

macOS 10.14 Mojave brings important security and privacy improvements to the Mac, but both Apple and developers need to work harder to avoid overwhelming users with a cacophony of alerts.

Rich Mogull 9 comments

Smart Home Lessons from a Home Automation Veteran

Rich Mogull shares the lessons he’s learned over a decade of home automation and how the new “Take Control of Apple Home Automation” book compresses many of them into a neat package.

Rich Mogull 4 comments

iOS 11 Encrypted Backup Change Reduces Security, Boosts Data Safety

In iOS 11, Apple has changed things so encrypted iTunes backups can now be restored with either the separate backup password or the device passcode. This move reduces security, but it also reduces the likelihood that users will forget the password and lose access to their backups.

Rich Mogull 52 comments

Face ID’s Innovation: Continuous Authentication

It takes a lot to impress security expert Rich Mogull, but he’s convinced that Face ID is going to change the face of computer security.

Rich Mogull 24 comments

You Can’t Protect Yourself from the Equifax Breach

Credit-reporting agency Equifax has exposed the private information of 143 million Americans. Rich Mogull outlines some steps you can take, but they won’t amount to much until the system changes.

Rich Mogull 6 comments

Preparing for a Possible Apple “Face ID” Technology

Leaked HomePod firmware points to a possible facial recognition feature in a future iPhone. TidBITS Security Editor Rich Mogull examines the implications and explains how you can evaluate the announcement if and when it comes.

Rich Mogull 27 comments

Why Apple Defends Encryption

With the U.S. government once again campaigning against encryption, why does it seem as though only Apple is standing up for users? Rich Mogull has some answers.

Rich Mogull 7 comments

The Million Dollar iOS Hack (Isn’t)

Although a security exploit broker paid out ONE MILLION DOLLARS for an iOS 9 attack, most users are safe, and the exploit’s days are already numbered.

Rich Mogull Adam Engst 14 comments

XcodeGhost Exploits the Security Economics of Apple’s Ecosystem

XcodeGhost is a new piece of malware that uses modified versions of Xcode to insert malicious code into popular iOS apps. This appears to affect only Chinese apps, because bandwidth limitations in China are what prompted developers to download modified copies of Xcode from unofficial sources, rather than going straight to Apple.

Rich Mogull 15 comments

What You Need to Know About the Thunderstrike 2 Worm

Researchers will demonstrate a new proof-of-concept worm that attacks Mac firmware at this week’s Black Hat security conference. It’s fascinating research, but not something average users should worry about.

Rich Mogull 1 comment

How the Apple Watch Could Improve Security

As a secure second device likely to be with its owner at nearly all times, the Apple Watch offers some compelling opportunities to improve account security.

Rich Mogull 8 comments

Apple Pay Exposes Insecure Bank Policies

Apple Pay is being blamed for a rash of new credit card fraud cases. TidBITS Security Editor Rich Mogull argues that it’s merely exposing existing weaknesses in bank security.

Rich Mogull 16 comments

The Good News about the CIA Targeting Apple

The latest revelation from Edward Snowden’s trove of confidential documents shows that the CIA has long been targeting Apple, along with other major technology companies. Security analyst Rich Mogull explains why average users don’t need to worry, and why this news is actually good.

Rich Mogull 17 comments

Thunderstrike Proof-of-Concept Attack Serious, but Limited

The recently demonstrated Thunderstrike proof-of-concept attack could infiltrate a Mac at the hardware level, but few users need to worry about it given its need for physical access.