Skip to content
Thoughtful, detailed coverage of everything Apple for 29 years
and the TidBITS Content Network for Apple professionals
Rich Mogull

Rich Mogull

Rich Mogull has been working in the security world for over 20 years, and breaking computers (usually by accident) even longer. After about 10 years in physical security (mostly running large events/concerts), he made the mistake of getting drunk in Silicon Valley and telling someone he “worked in security.” Next morning he woke up with a job as an IT security consultant. That’s not totally true, but it’s far more amusing than his full biography. He currently works as the VP of Product for DisruptOPS and an independent security analyst at Securosis.com. He previously spent seven years as an analyst with Gartner. Rich is also a paramedic, done stints as a firefighter and with Rocky Mountain Rescue, and recently retired from ski patrol when he moved to sunny Arizona. He still dabbles in disaster medicine, when nature cooperates.

Rich Mogull 17 comments

Thunderstrike Proof-of-Concept Attack Serious, but Limited

The recently demonstrated Thunderstrike proof-of-concept attack could infiltrate a Mac at the hardware level, but few users need to worry about it given its need for physical access.

Rich Mogull 42 comments

The Real Reason Some Merchants Are Blocking Apple Pay… for Now

Some retailers not only refuse to directly support Apple Pay, they deliberately block use even when their cash registers accidentally support it. It’s not a reaction to Apple, but a direct response to mistreatment by the credit card brands.

Rich Mogull 18 comments

How Spotlight Suggestions Handles Privacy

In iOS 8 and OS X Yosemite, Spotlight now searches the Internet, not just your local device, for the information you are looking for. Going beyond Apple’s documentation, TidBITS Security Editor Rich Mogull digs into how Apple provides relevant results while still managing your privacy.

Rich Mogull 6 comments

You Are Apple’s Greatest Security Challenge

As the recent celebrity photo thefts showed, Apple now faces cloud security challenges that few other companies — even international banks — have had to address so far.

Rich Mogull 19 comments

Apple and Google Spark Civil Rights Debate

By both dramatically enhancing phone encryption and marketing it as a defense against government snooping, Apple and Google are accelerating an important debate on civil rights and the role of government in our lives.

Rich Mogull 23 comments

Macs Mostly Safe from Bash Vulnerability, but Be Ready to Patch

Although all Macs are vulnerable to the recently disclosed Bash shell vulnerability, it’s highly unlikely that they’ll be exploited. Security Editor Rich Mogull tells you why.

Rich Mogull 5 comments

iCloud Flaw Not Source of Celebrity Photo Theft

A reported Find My iPhone security flaw wasn’t responsible for the recent theft of celebrity photos, according to Apple, but iCloud may still have been the source of the images.

Rich Mogull 26 comments

How to Protect Your iCloud Keychain from the NSA

Apple has released extensive details on iOS and iCloud security in a new white paper. One of the gems is how iCloud Keychain works, and the best way to configure it for the best possible security.

Rich Mogull 5 comments

How Apple Protects Your iPhone from Your Employer

With the release of iOS 7, Apple redefined how employers manage iOS devices. Among other things, if you use your own iPhone or iPad for work, it protects your data from your employer just as strongly as it attempts to prevent work data from being accessed by personal apps or email accounts.

Rich Mogull 42 comments

Q&A about Fingerprint Scanning

The most significant feature of Apple’s new iPhone 5s is a built-in fingerprint scanner. TidBITS Security Editor Rich Mogull takes a look behind the scenes on how fingerprint scans compare to passcodes when it comes to security.

Rich Mogull 18 comments

What Apple Data the U.S. Government Can and Cannot Access

Responding to recent allegations that the NSA can spy on users of online services, Apple has clarified what private user data the U.S. government can access. Apple’s statements, plus the released material, provide a clearer picture of how and where you data could be exposed. The short version? Ignore the hyperbole.

Rich Mogull 17 comments

iCloud for Families Debuts

Apple has released an unexpected update to iCloud with a host of useful features for managing the complexities of modern family life. Some of the capabilities of iCloud for Families will no doubt generate controversy, but overall, we expect that parents will welcome the additional communication and control.

Rich Mogull 11 comments

Isolate Adobe Flash by Using Google Chrome

Adobe Flash isn’t only vulnerable, it’s being used to hack Macs. Instead of merely applying the latest patch, Security Editor Rich Mogull shows you how to sandbox Flash and limit future attacks.

Rich Mogull 10 comments

Do You Need Mac Antivirus Software in 2013?

Despite much-publicized Flashback infections in 2012, most Mac users still don’t need antivirus software. We explain why, and which situations might warrant it.

Rich Mogull 16 comments

Examining Apple’s Security Efforts in 2012

2012 was a watershed year for Apple’s security efforts. While dealing with significant challenges, the company made strong advances, setting the stage for strong security for years to come.