Rich Mogull
Rich Mogull has been working in the security world for over 25 years, and breaking computers (usually by accident) even longer. After about 10 years in physical security (mostly running large events/concerts), he made the mistake of getting drunk in Silicon Valley and telling someone he “worked in security.” Next morning he woke up with a job as an IT security consultant. That’s not totally true, but it’s far more amusing than his full biography. He currently works as the Chief Analyst at theCloud Security Alliance and an independent security analyst at Securosis.com. He previously worked as an analyst with Gartner and VP of Product for DisruptOPS. Rich is also a paramedic, has done stints as a firefighter and with Rocky Mountain Rescue, and retired from ski patrol when he moved to sunny Arizona. He still dabbles in disaster medicine, when nature cooperates.
With the U.S. government once again campaigning against encryption, why does it seem as though only Apple is standing up for users? Rich Mogull has some answers.
Although a security exploit broker paid out ONE MILLION DOLLARS for an iOS 9 attack, most users are safe, and the exploit’s days are already numbered.
XcodeGhost is a new piece of malware that uses modified versions of Xcode to insert malicious code into popular iOS apps. This appears to affect only Chinese apps, because bandwidth limitations in China are what prompted developers to download modified copies of Xcode from unofficial sources, rather than going straight to Apple.
Researchers will demonstrate a new proof-of-concept worm that attacks Mac firmware at this week’s Black Hat security conference. It’s fascinating research, but not something average users should worry about.
As a secure second device likely to be with its owner at nearly all times, the Apple Watch offers some compelling opportunities to improve account security.
Apple Pay is being blamed for a rash of new credit card fraud cases. TidBITS Security Editor Rich Mogull argues that it’s merely exposing existing weaknesses in bank security.
The latest revelation from Edward Snowden’s trove of confidential documents shows that the CIA has long been targeting Apple, along with other major technology companies. Security analyst Rich Mogull explains why average users don’t need to worry, and why this news is actually good.
The recently demonstrated Thunderstrike proof-of-concept attack could infiltrate a Mac at the hardware level, but few users need to worry about it given its need for physical access.
Some retailers not only refuse to directly support Apple Pay, they deliberately block use even when their cash registers accidentally support it. It’s not a reaction to Apple, but a direct response to mistreatment by the credit card brands.
In iOS 8 and OS X Yosemite, Spotlight now searches the Internet, not just your local device, for the information you are looking for. Going beyond Apple’s documentation, TidBITS Security Editor Rich Mogull digs into how Apple provides relevant results while still managing your privacy.
As the recent celebrity photo thefts showed, Apple now faces cloud security challenges that few other companies — even international banks — have had to address so far.
By both dramatically enhancing phone encryption and marketing it as a defense against government snooping, Apple and Google are accelerating an important debate on civil rights and the role of government in our lives.
Although all Macs are vulnerable to the recently disclosed Bash shell vulnerability, it’s highly unlikely that they’ll be exploited. Security Editor Rich Mogull tells you why.
A reported Find My iPhone security flaw wasn’t responsible for the recent theft of celebrity photos, according to Apple, but iCloud may still have been the source of the images.
Apple has released extensive details on iOS and iCloud security in a new white paper. One of the gems is how iCloud Keychain works, and the best way to configure it for the best possible security.