Rich Mogull


Rich Mogull on Apple Pay

Dennis Fisher talks with Rich Mogull about the new iPhone 6, the security and privacy of Apple Pay and whether there’s another company that could put together a similar payment system.

Rich Mogull on the Target Data Breach

Dennis Fisher talks with Rich Mogull of Securosis about the Target data breach, how the attack may have worked, why these breaches are still so common and what can be done to improve the situation.


Dennis Fisher talks with Rich Mogull of Securosis about his days as a teen wannabe hacker, his meandering path through Navy ROTC, software development, near miss with medical school, mountain rescues and his life as a security industry analyst.

By Rich Mogull (Securosis)
Mr. Carr,

I read your interview with Bill Brenner in CSO magazine today, and I sympathize with your situation. I completely agree that the current system of standards and audits contained in the Payment Card Industry Data Security Standard is flawed and unreliable as a breach-prevention mechanism. The truth is that our current transaction systems were never designed for our current threat environment, and I applaud your push to advance the processing system and transaction security. PCI is merely an attempt to extend the life of the current system, and while it is improving the state of security within the industry, no best practices standard can ever fully repair such a profoundly defective transaction mechanism as credit card numbers and magnetic stripe data.

Microsoft on Wednesday plans to launch a new research effort to determine the total cost of the patch-management cycle, from testing and distributing a fix to user deployment of the patch. The end result of the project, which will be completely open and transparent to outsiders, will be a full metrics model that the company plans to make freely available.
