MacStories Team

363 posts on MacStories since July 2011

Articles by the MacStories team.

Founded by Federico Viticci in April 2009, MacStories attracts millions of readers every month thanks to in-depth, personal, and informed coverage that offers a balanced mix of Apple news, app reviews, and opinion.



Voice Clones Have Crossed the Uncanny Valley [Sponsor]

Now, don’t get offended, but – you aren’t as good at clocking deepfakes as you think you are. 

And it’s not just you–nobody’s that good at it. Not your mom, or your boss, or anyone in your IT department. 

To make matters worse, you probably think you can spot a fake. After all, you see weird AI-generated videos of celebrities on social media and they give you that uncanny valley tingle. But it’s a different ballgame when all you’ve got to go on is a voice. 

In real life, people only catch voice clones about 50% of the time. You might as well flip a coin.

And that makes us extremely vulnerable to attacks.

In the “classic” voice clone scam, the caller is after an immediate payout (“Hi it’s me, your boss. Wire a bunch of company money to this account ASAP”). Then there are the more complex social engineering attacks, where a phone call is just the entryway to break into a company’s systems and steal data or plant malware (that’s what happened in the MGM attack, albeit without the use of AI).

As more and more hackers use voice cloning in social engineering attacks, deepfakes are becoming such a hot-button issue that it’s hard to tell the fear-mongering (for instance, it definitely takes more than three seconds of audio to clone a voice) from the actual risk.

To disentangle the true risks from the exaggerations, we need to answer some basic questions:

  1. How hard is it to deepfake someone’s voice? 
  2. How do hackers use voice clones to attack companies?
  3. And how do we guard ourselves against this… attack of the clones?

Like a lot of modern technologies, deepfake attacks actually exploit some deep-seated fears. Fears like, “your boss is mad at you.” These anxieties have been used by social engineers since the dawn of the scam, and voice clones add a shiny new boost to their tactics. 

But the good news is that we can be trained to look past those fears and recognize a suspicious phone call–even if the voice sounds just like someone we trust.  

If you want to learn more about our findings, read our piece on the Kolide blog. It’s a frank and thorough exploration of what we should be worried about when it comes to audio deepfakes.

Our thanks to Kolide for sponsoring MacStories this week.


Whisper Memos: Turn Your Ramblings into Paragraphed Articles, Sent Right to Your Email Inbox [Sponsor]

Ideas are precious but fleeting. One moment, inspiration strikes, but if you don’t capture that lightning in a bottle, it’s gone before you know it. With Whisper Memos, you can harness the power of artificial intelligence to turn your ideas into orderly memos.

Whisper Memos combines the convenience of quick capture with the power of GPT-4. You can save a voice memo using your iPhone’s Action Button, the app’s Lock Screen widget, Whisper Memos’ Apple Watch app, Shortcuts, and more. Then, Whisper Memos uses AI to turn your recordings into orderly, paragraphed memos delivered directly to your email inbox a few seconds later.

The results are incredible. One moment, you’re recording audio on your iPhone or Apple Watch, and the next, you’ve got an email message easily identifiable by its custom subject line that has been carefully transcribed and organized into neat paragraphs.

Whisper Memos works on Wi-Fi, over a cellular connection, and offline, so it’s always available. The app also supports a long list of languages, and it integrates with Zapier, which allows you to connect Whisper Memos to other productivity apps like Notion, Trello, or your task manager. There’s even a privacy mode for ensuring no trace is left behind after your voice memos have been processed.

So, check out Whisper Memos today and use the code MAC24 by March 16th for 25% off forever. You’ll be amazed at how fast, accurate, and reliable it is at preserving your precious thoughts.

Our thanks to Whisper Memos for sponsoring MacStories this week.


Looking Past the Smoke and Mirrors of the MGM Hack [Sponsor]

The September 2023 MGM hack quickly became one of the most notorious ransomware attacks in recent memory. Journalists and cybersecurity experts rushed to report on the broken slot machines, angry hotel guests, and the fateful phishing call to MGM’s help desk that started it all.

And, like a slick magic trick, the public’s attention was drawn in the wrong direction. Now, months later, we’re still missing something critical about the MGM hack.

That’s because, for many of the most important questions about the breach, the popular answers are either incomplete or inaccurate. Those include: who hacked MGM, what tactics they used to breach the system, and how security teams can protect themselves against similar attacks.

Why is that a problem? Because it lets us write off the MGM hack as a one-off story, instead of an example of an emerging style of attack that we’ll certainly be seeing more of. And that leaves companies and security teams unprepared. 

Who hacked MGM?

Plenty of news stories have confidently blamed the MGM attack on either the Scattered Spider or ALPHV hacking group, but the truth is still murky, and likely involves a dangerous team-up between different groups, each bringing their own expertise to the table.

Their attacks first use fluent English social engineering skills to get onto networks, where they then deploy sophisticated ransomware that quickly establishes persistence across multiple systems. 

What tactics did they use? 

The dominant narrative has been that “a single phone call hacked MGM.” A phone vishing attack to MGM’s IT help desk is what started the hack, but there’s much more to it than that. The real issue is that this help desk worker was set up to fail by MGM’s weak ID verification protocols, and probably wasn’t doing anything “wrong” when they gave the bad actors access to a super administrator account. 

How can security teams protect themselves? 

Cybersecurity experts have centered most of their advice on user ID verification. But while it’s true that MGM’s help desk needed better ways of verifying employee identity, there’s another factor that should have stopped the hackers in their tracks. 

That’s where you need to focus your attention. In fact, if you just focus your vision, you’ll find you’re already staring at the security story the pros have been missing.

It’s the device you’re reading this on. 

To read more of what we learned when we researched the MGM hack–like how hacker groups get their names, the worrying gaps in MGM’s security, and why device trust is the real core of the story–check out the Kolide Blog.

Our thanks to Kolide for sponsoring MacStories this week.


Apple Vision Pro Accessory Roundup: Our Favorites So Far

Slowly but surely, a growing number of accessories are popping up around the Apple Vision Pro. Today, we thought we’d share our favorites so far.

Battery Accessories

Battery Packs

The [Anker Prime 27,650mAh](https://amzn.to/3SpPCSm) power bank.


John: Apple sells the battery pack that powers the Apple Vision Pro as a separate accessory for $199. However, because the Vision Pro’s battery includes a USB-C port for charging it, there are plenty of cheaper solutions.

One option is simply plugging Apple’s battery into its power adapter as you use it. However, if you want something more portable, I’d suggest a battery pack to charge your Apple battery pack. Any battery pack will do, but we have several listed on our Setups page that Federico and I use and recommend and that will do the trick too.

Belkin Battery Holder

Federico: I never thought I’d become the sort of person who casually holsters a tech accessory in his daily routine, and yet here we are thanks to the Vision Pro. I decided to get the Belkin battery holder upon ordering the Vision Pro, and I’m glad I did. Not only does the clip on the case make it easier to walk around the house while wearing the Vision Pro (putting the battery in my pocket causes too much tension on the cable and I don’t like it), but it also provides a nice degree of protection for the battery itself. I genuinely recommend getting this if you plan on moving around a lot while using the Vision Pro.

Keyboard and Trackpad Accessories

John: The Apple Vision Pro’s built-in keyboard and dictation are fine for entering short bits of text when you’re using the device, but for anything more than a few words, you’ll want a keyboard. The Apple Magic Keyboard works best with the Vision Pro because it integrates tightly with visionOS, displaying a preview of what you’re typing that floats just above the keyboard. Plus, Magic Trackpad is the only trackpad that I am aware of that works with the Vision Pro.

The MagicBridge or a Lap Desk

The trouble is finding a way to use the Magic Keyboard and Trackpad when you’re away from your desk or a tabletop because both are small and can be hard to balance in your lap. There are a few options here, depending on your preferences. Twelve South’s MagicBridge joins the Magic Keyboard and Magic Trackpad using a plastic frame that holds the two together side-by-side. It works much better in the lap that way, but it’s also wide and can feel unbalanced when the keyboard is directly in front of you, and the trackpad is hanging off to the side.

Since my initial experiments with the MagicBridge, I’ve gravitated to a lap desk for those times that I’m sitting on the couch. There are a million of these on Amazon and elsewhere. However, I like the simplicity of the 30.5” Wood Curved Lap Desk Table Tray, which is a simple curved piece of wood without any notches for iPhones or ridges to hold a laptop in place to get in my way.

Hazevaiy Acrylic Magic Keyboard and Trackpad Support Stand

Federico: After some research and asking on Mastodon, I discovered that accessory manufacturers have been making for quite some time what is, effectively, the opposite of a MagicBridge: a tray where the Magic Trackpad and Keyboard are held in a laptop-like configuration, with the keyboard above the trackpad. I got a couple from Amazon, and I like the transparent one better than others I’ve seen thanks to its slimmer profile. (Plus, let’s face it – anything looks better when it’s made of transparent plastic.) These accessories all lack the sort of palm rejection features that are typically found on Mac laptops, so if you can get used to avoiding the trackpad with your palm or wrist when typing, I think you should consider this as a lap-friendly alternative to the MagicBridge.

A Smaller Case – Syntech Hard Carrying Case

John: By all accounts Apple’s Vision Pro case is very nice, but I wasn’t interested because it’s so bulky and expensive. Instead, I went with one Federico discovered on Reddit by Syntech that was originally made for the Meta Quest. It’s not small, but it fits in a backpack better than Apple’s case ever will. Inside, there’s a velcro strap for securing your Vision Pro in place and enough spare room to stow your battery and polishing cloth. Best of all, the Syntech case is less than $30.

Protecting the Vision Pro’s Lenses - KIWI design Lens Protector Cover

John: My most recent accessory find for the Vision Pro is the KIWI Lens Protector Cover. It’s another accessory originally designed for the Meta Quest, but it works perfectly with the Vision Pro too. There’s not much to say about the KIWI other than it’s a soft microfiber pillow that you stuff into the inside of your Vision Pro headset against the lenses to protect them. With a USB-C cable and other items in the same case as the Vision Pro, I feel better knowing that there’s a soft barrier between its lenses and everything else in my bag.


That’s it for now, but keep an eye on our MacStories Setups page for updates on the accessories we use with our Apple Vision Pros and other gear.


Paste - Endless Clipboard for Mac and iOS Devices [Sponsor]

In the dynamic digital world, efficiency is key. That’s where Paste steps in - your indispensable clipboard manager for Mac and iOS. Designed for the Apple enthusiast, Paste elevates your workflow to new heights of organization and ease.

With Paste, every copied item - whether text, image, or link - is intuitively stored across your Apple devices. This ensures that your clipboard history is always at your fingertips, whether you’re working on your Mac, iPhone, or iPad. 

Paste is more than just a clipboard manager; it’s a time machine for your digital life. Intelligent search allows you to swiftly find anything you’ve previously copied on any of your devices and customizable rules give you full control over your data privacy, letting you decide what gets stored and what doesn’t.

Designed to integrate seamlessly into your workflow, Paste offers large, easy-to-read content previews for quick retrieval. You can edit your clipboard contents before using them in other applications, keeping your most frequently used items just a click away.

Using Paste daily unlocks even more potential. Become a Pro user and enhance your efficiency by integrating Paste with Siri Shortcuts, stripping formatting with PlainText, and leveraging an extensive range of shortcuts.

Discover why Paste is a game-changer for productivity. Try it now for free on the Apple App Store and transform the way you manage your digital life.

Our thanks to Paste for sponsoring MacStories this week.


Are You Worse at Security Than the TSA? [Sponsored]

You know the drill: when you go through airport security there are two lines. In one, a TSA agent makes sure you’re the person in your passport photo. In the other, a machine scans your carry-on for explosives, weapons, or a normal-sized bottle of shampoo.

Enterprise security is much the same, but instead of passengers and luggage, we’re talking about end users and their devices. In the first line, user authentication verifies a user’s identity, and it’s gotten pretty sophisticated in the past few years, with SSO and MFA becoming more common.

But user devices don’t get nearly the same level of attention. The average device trust solution only looks at a handful of endpoint security factors, like OS updates and firewall. If this really were the TSA, that wouldn’t even be an x-ray machine, more like holding a bag to your ear and listening for a ticking sound.

And that’s assuming an organization looks at end user devices at all. Kolide’s Shadow IT report found that 47% of companies let unmanaged devices access their resources, and authenticate via credentials alone.

Unmanaged devices (those outside a company’s MDM) can be infected with malware, full of PII, or worse–they can belong to a bad actor using phished employee credentials.

And hey, there are valid reasons for a device not to be enrolled in MDM. Contractor devices, Linux machines, and employee phones all need to be able to access company resources. But there’s plenty of room for middle ground between “fully locked down and managed” and an open-door device policy.

Specifically, companies need device trust solutions that block devices from authenticating if they don’t meet minimum security requirements.

Even with phishing-resistant MFA, it’s frighteningly easy for bad actors to impersonate end users–in the case of the MGM hack, all it took was a call to the help desk. What could have prevented that attack (and so many others) was an unspoofable form of authentication for the device itself.

That’s what you get with Kolide’s device trust solution: a chance to verify that a device is both known and secure before it authenticates. Kolide’s agent looks at hundreds of device properties (remember, our competitors only look at a handful). What’s more, our user-first, privacy-respecting approach means you can put it on machines outside MDM: contractor devices, mobile phones, and even Linux machines.

Without a device trust solution, all the security in the world is just security theater. But Kolide can help close the gaps. (And we won’t even make you take off your shoes.)

To learn more, please watch our on-demand demo.

Our thanks to Kolide for sponsoring MacStories this week.


Memberful: Help Your Clients Monetize Their Passion [Sponsor]

If you have a client looking to monetize their passion by building a membership website, look no further than Memberful, the best-in-class membership solution used by creators, publishers, and media companies worldwide.

Memberful has everything you need to get a membership site up and running with ease so your clients can concentrate on creating content while earning revenue. Memberful makes it simple to get your site up and running by integrating with the technologies you already use, like WordPress. There are WordPress shortcuts and built-in functions that allow you to insert dynamic links and integrate Memberful data inside your WordPress theme. Plus, Memberful works with popular services like Mailchimp, Discord, Google Analytics, and more, making it easy to reach and monetize your audience wherever they are without starting from scratch.

We’ve used Memberful ever since we launched Club MacStories in 2015. Not only did Memberful make setting up the Club easy, but it has grown with us throughout the following eight years, allowing us to expand from a newsletter to downloadable content, members-only podcasts, and more. Best of all, everything works seamlessly with our existing tech stack.

When you use Memberful, you’re in complete control of your audience and brand. And, with a GraphQL API, webhooks, and OAuth Single Sign-On, integrating with your existing workflow and systems is straightforward. You’ll get comprehensive analytics, too, allowing you to understand what’s working and what’s not and make adjustments as you go.

Help your clients monetize their passion by getting started for free with Memberful. It’s the proven way for creators, publishers, and media companies to monetize their audiences.

Our thanks to Memberful for sponsoring MacStories this week.


Kolide: Struggling to Afford Cybersecurity Insurance? Here’s Why. [Sponsor]

When MGM Resorts suffered a $100 million hack in September, CEO Bill Hornbuckle wasn’t too worried about the lost revenue, because cyber insurance would cover the tab. “I can only imagine what next year’s bill will be,” he joked.

Weeks later, on a call with analysts, Hornbuckle complained about the “staggering” rise of insurance costs in the past few years.

This story neatly illustrates the crisis in cyber liability coverage. For years, companies have invested more in security insurance than in actual security. The result has been a tidal wave of data breaches that have driven up the cost of premiums to the point that they are rapidly becoming unaffordable.

Some large enterprises are responding to the increased costs by creating their own “captive carriers,” insurance providers that exist only to serve them. But that’s clearly not an option for small businesses, which are more likely to go without insurance altogether.

According to Andrew Bucci, VP of Sales at Amplified Insurance Partners, “It’s going to come to a point where some people may have to self-insure, which means that they don’t take a cyber policy out and they just cross their fingers they don’t have some sort of breach.” That’s a huge gamble for SMBs, since they could be driven to bankruptcy by a single security incident.

At Kolide, we’ve seen our cyber insurance premiums go up by 40% in just the last two years, and we got curious about:

  • What’s driving the increases?
  • Who really needs cybersecurity insurance?
  • How can the average company reduce their premiums?

What we found was that insurance companies themselves can help get us out of this crisis, by mandating some (pretty basic) security requirements for their customers–things like MFA, endpoint security, and retiring end-of-life software. 

Read the full blog to learn more about our findings.

Our thanks to Kolide for sponsoring MacStories this week.


Textastic Code Editor [Sponsor]

Textastic is the most comprehensive and versatile text and code editor for iPad and iPhone.

This begins with support for syntax highlighting of more than 80 programming and markup languages: Textastic covers a wide range, including HTML, JavaScript, CSS, C, C++, Swift, Objective-C, Rust, Go, Java, PHP, Python, Ruby, Perl, Lua, Markdown, LaTeX, YAML, JSON, and more. If your preferred language isn’t on the extensive list, you have the flexibility to add your own syntax definitions and themes, compatible with Sublime Text and TextMate.

With clients for SFTP, FTP, WebDAV, Dropbox, and Google Drive, however, Textastic goes well beyond the capabilities of a traditional text editor. The integrated SSH terminal further extends its functionality. With support for tabs, you can have multiple files and SSH terminals open simultaneously, even opening them in multiple windows side by side on iPad.

Whether crafting web pages, performing code reviews, or editing server configuration files, Textastic proves to be the ideal tool for your mobile workflow.

Customizable keyboard shortcuts, extensive configuration options, support for Git repositories using the Git client Working Copy, and powerful find and replace turn this app into the most powerful code editor you’ll find on iPad.

The long list of features also includes support for iCloud Drive, the Files app, drag and drop, trackpad and mouse, printing, Split View, multiwindowing, and a whole lot more.

In moments of uncertainty, the in-depth manual, with detailed descriptions and nearly 150 screenshots, is your comprehensive guide.

With the recent update to version 10, the user interface received a refreshing makeover, boasting new icons and a modern look across all areas of the app. Notably, Swift syntax highlighting has seen substantial improvements, and file uploads have been simplified.

Limited-Time Offer: Get Textastic at a 20% discount on the App Store ($7.99 instead of $9.99 in the US). This special pricing lasts only until January 28, 2024, giving you the perfect window to enhance your coding toolkit.

Our thanks to Textastic for sponsoring MacStories this week.