Top 6 Keyboards For Geeks

Six keyboards you should definitely check out: Das Keyboard Mechanical Keyboards, Logitech MX Keys & Logitech MX Ergo, Logitech Solar Keyboard, system76 Open Source Launch Keyboard, and MatiasWorldwide Tactile Pro.

Find links to each in Mac Geek Gab 894

Facebook Blocking Warnings of Identity Theft from Quizzes

The growth of “fun” quizzes on Facebook has been like an out-of-control wildfire. You know the ones. They ask you a few seemingly harmless questions, like your first job or the street you grew up on. At the end, you learn which Hogwarts House is right for you. The problem is these questions often mirror the security questions your bank, finance company, or credit card company use. They help identity theft happen. The really scary thing is that at least one person has tried to let folks know the danger by linking to Avast’s warning. Facebook removed the post, claiming it went “against our community standards”. I can’t help but wonder just why Facebook would be opposed to a post trying to help avert identity theft.

The questions in these quizzes are all meant to tease out as much personal data as they can possibly get from you, including hints to your passwords and identity verifications, such as “What was the name of your first pet?” or “What street did you grow up on?” At the end of the string of questions, you will get a made-up answer, such as “You belong in Gryffindor!” At the end of the same string of questions, the data scrapers will have enough to start building (or adding to) a profile of all your information.

Private Messenger 'Signal' Adds Anti-Spam Features in Update

Signal recently announced some new features designed to help reduce spam on the platform, such as a Report Spam and Block button.

When a user clicks “Report Spam and Block”, their device sends only the phone number that initiated the conversation and a one-time anonymous message ID to the server. When accounts are repeatedly reported as spam or network traffic appears to be automated, we can issue “proof of humanity” checks to suspicious senders so they can’t send more messages until they’ve completed a challenge.

Cryptee Update Brings Encrypted PDFs and Print-Accurate Editing

An update to Cryptee, a platform for encrypted photos and documents, brings Paper Mode, a print-accurate view for your documents. It also adds editing for encrypted PDFs.

You can now work on your documents in Cryptee Docs, using a print-accurate paper view, by choosing paper sizes like A4 / A3 / US Letter / US Legal etc, just like the way you would in Microsoft Word or Google Docs.

While exporting your documents as PDF files, you can now easily set a key, and encrypt the PDFs. These encrypted PDFs can be opened using any PDF viewer, on all operating systems and PDF viewer apps.

'Shrootless' macOS Bug Could Bypass System Integrity Protection

Microsoft reported a macOS vulnerability it calls Shrootless. It could let an attacker bypass SIP and perform arbitrary operations on the device. It has been patched by Apple with the most recent Mac updates this week.

We found that the vulnerability lies in how Apple-signed packages with post-install scripts are installed. A malicious actor could create a specially crafted file that would hijack the installation process. After bypassing SIP’s restrictions, the attacker could then install a malicious kernel driver (rootkit), overwrite system files, or install persistent, undetectable malware, among others.

Twitter 'Super Follows' is Now Available for All iPhone Users

Super Follows is a new Twitter feature that lets creators make money through subscriptions. It has now rolled out to all iPhone users.

The feature launched in September after first being announced in February. Super Follows are another tool for creators to earn money through the social media platform. Eligible accounts are able to set the price for Super Follow subscriptions, with the option of charging $2.99, $4.99 or $9.99 per month. Creators can choose to mark some tweets for subscribers only while continuing to reach their unpaid follower base in regular tweets.

Blockchains Aren't as Private as You Think, But They Could Be

Cybersecurity expert Mashael Al Sabah was recently featured on MIT’s Business Lab podcast. She talks about privacy issues with blockchain technology and how they can be fixed. You can listen to the podcast with the link below (direct link on Apple Podcasts), and.or read the podcast transcript.

A lot of people think that they are completely anonymous when they use Bitcoin, and this gives them a false sense of security. In our research, what we did is that we crawled social media, like there’s popular forum for Bitcoin users called Bitcointalk.org, and we crawled Twitter as well for Bitcoin addresses that users attributed to themselves. In some forums, people share their Bitcoin addressees along with their profile information. So, now you have the public profile information, which includes usernames, emails, age, gender, city.

A Closer Look at Apple's $20 Polishing Cloth

The folks over at iFixIt have done their traditional teardown of the new MacBook Pro. They also took the time to tear apart the $20 polishing cloth Cupertino has begun selling. The cleaning cloth feels like the inner lining of an iPad Smart Cover, they say. That accessory features a thin layer of microfiber on the inside. Both apparently have a synthetic leather feel to them along with a bit of fuzziness

The new Apple Polishing Cloth earns a 0 out of 10 on our repairability scale, for distracting us from a very important MacBook Pro teardown and not going back together after we cut it into pieces with scissors.

Native Dropbox Support For M1 Macs Doesn't Seem to be Happening

[Update November 1, 2021: Dropbox CEO Drew Houston has said that his company is working on a native M1 build. It plans to release it in the first half of 2022. Original post below]

It looks likes users with M1 Macs shouldn’t expect native support from Dropbox any time soon. MacRumors reported on a long-running support thread discussing the issue of Apple Silicon.

An official Dropbox support thread, shared by Mitchell Hashimoto on Twitter, reveals a fiasco around native support for Apple silicon Macs. Dropbox is seemingly insisting that a significant number of community members will have to vote for native Apple silicon support for it to be implemented. There are also multiple repetitious requests with different phrasing, fragmenting users’ votes for support. In July, responses from Dropbox staff on the thread explained that “this idea is going to need a bit more support before we share your suggestion with our team,” and flagged Apple silicon support as in need of more votes. A month ago, Dropbox staff again replied to the thread requesting native Apple silicon support, saying that Dropbox will continue to be compatible with all devices that run supported versions of macOS using Apple’s Rosetta translation layer. Additional complaints in the thread claim that Dropbox with Rosetta hemorrhages MacBook battery life and uses a disproportionate amount of memory.

Kandji Announces 'Passport' for Secure Mac Authentication

Kandji has announced the release of Passport, an authentication product that creates a seamless, one-password sign-in experience for users.

Kandji Passport validates the credentials a user provides during Mac login against an organization’s cloud-based identity provider (IdP), so users need to remember just one password for both their Mac computers and the organization’s single sign-on (SSO) provider. Passport provides a native Mac login experience while streamlining device configuration, management, and security tasks for IT admins.

(Update) Medical AI Company 'Deep6' Leaks 68 GB Trove of Patient Records

Security researcher Jeremiah Fowler together with the WebsitePlanet research team found an unprotected database belonging to Deep6. The records appear to contain data of those based in the United States.

Update: Deep6 reached out and said the news is misleading, saying “In August, a security researcher accessed a test environment that contained dummy data from MIT’s Medical Information Mart of Intensive Care (MIMIC) system, an industry standard source for de-identified health-related test data. To confirm, no real patient data or records were included in this ephemeral test environment, and it was completely isolated from our production systems.”

Meanwhile, according to WebsitePlanet, Mr. Fowler said, “I sent 3 follow up emails on Aug 11, Aug 12, Aug 23. No one has ever replied since the first message on Aug 10th. I validated that the doctor’s names were real individuals by searching obscure names (see screenshot). This is highly unusual in my experience to use real individuals’ data in a ‘dummy environment’ under any circumstances. Because no one replied, we added our disclaimer that we are highlighting that no patient data appeared in plain text, the records were “medical related”, and we never implied any wrongdoing or risk.”

Latest Amazon TVs Will Support AirPlay 2, HomeKit

Amazon released its Omni and 4-Series Fire TVs on Wednesday. It also announced that the devices will soon support AirPlay 2 and HomeKit, according to The Verge.

Amazon has already rolled out AirPlay 2 and HomeKit to some of its “Fire TV Edition” TVs from Toshiba and Insignia. Curiously, these features have yet to come to the company’s standalone Fire TV streaming devices — including the just-released Fire TV Stick 4K Max. I’m not sure if that’s an intentional choice, but it’s a bit odd that Amazon is ready to announce support on day one for its brand-new TVs with nothing to share about AirPlay 2 coming to its cheaper devices. (Roku supports AirPlay 2 on both its players and Roku TVs.)

How Well Do the M1 Pro and M1 Pro Max Chips Handle Games?

Apple said that its latest chips, the M1 Pro | Pro Max are great for content creators like developers and photographers. What about gamers?

All games were run at a full-HD-equivalent resolution (1,920 by 1,200 pixels) because the two new MacBook Pros have differing native display resolutions. (Testing at each laptop’s native resolution would have rendered the scores non-comparable.)

Dental Data Breach Affects 125,000 Patients in 10 States

North American Dental Management suffered a data breach between March 31 and April 1, 2021. It happened as the result of phishing. This group provides administrative and technical support services for Professional Dental Alliance (PDA) offices.

PDA said that it had not found any evidence of any actual misuse of personal information and that its investigation of the matter indicates that the attack was limited to email credential harvesting.

The threat actor did not access PDA’s patient electronic dental record or dental images; however, the Alliance found that some sensitive personal information may have been present in the compromised email accounts.

The breach was reported to the DHS’s Office for Civil Rights, impacting 125,760 patients in Connecticut, Florida, Georgia, Illinois, Indiana, Massachusetts, Michigan, New York, Texas and Tennessee.