Categories
Security

2K Support warns users that it has been hacked

Borderlands and BioShock publisher 2K Games has been hacked. The company announced the breach on Wednesday, and it is warning customers to change their passwords and not open any emails from its support page.

The 2K Support Twitter account, which was not affected by the hack, posted the following message, saying that the hacker was sending seemingly legitimate emails to certain players containing malicious links, and strongly advised customers not to click on those emails if they happen to receive them. As a result, the company’s support page has gone offline while it resolves the issue.

Hey folks, please read an important message from our Customer Support team. Thank you. pic.twitter.com/yKI18eL7mY

— 2K Support (@2KSupport) September 20, 2022

If customers have clicked on the links already, 2K strongly urged them to immediately reset any passwords stored in their browser, enable multifactor authentication wherever possible, run a reputable anti-virus program, and check their account settings to see that no forwarding settings have been changed. The company then reiterated that it would never ask anyone for their password or other personal information, and apologized for any inconvenience the hack may have caused them.

The breach of 2K’s support is the latest in a series of cyber attacks committed in the last four days. On Saturday night, a hacker compromised Rockstar Games and leaked 90 video clips of development footage for Grand Theft Auto 6 on GTA Forums, causing a storm of controversy. The leaker, who is allegedly part of Lapsus$, is being investigated by the FBI after Uber also came forward confirming that it, too, suffered a cyberattack by the same person. It’s currently unknown who is behind this 2K hack.

Editors’ Choice




Repost: Original Source and Author Link

Categories
Security

Signal alerts 1,900 messaging users to a security threat from Twilio hackers

A data breach earlier this month affecting Twilio, a gateway that helps web platforms communicate over SMS or voice, may have had repercussions for users of Signal, the encrypted messaging platform. Today, Signal announced it has alerted 1,900 users that their accounts were potentially revealed to whoever hacked Twilio and said that the attackers searched for three specific numbers during the time they had access.

So far, Signal says it has heard from one of those three users that the attackers used their Twilio access to re-register a new device associated with their number, which would allow them to send and receive messages from that account.

According to Signal, “message history, contact lists, profile information, whom they’d blocked, and other personal data” for all users remained secure. However, if someone was among the users potentially revealed, and they don’t use Signal’s Registration Lock setting that requires their PIN to add a new device, then an attacker could’ve re-registered their account.

Signal is sending messages with a link to its support page for potentially affected accounts, as well as unregistering all devices connected to those accounts, and said it will be done with this process by tomorrow.

Summary

Recently Twilio, the company that provides Signal with phone number verification services, suffered a phishing attack. Here’s what our users need to know:

All users can rest assured that their message history, contact lists, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected.

For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. This attack has since been shut down by Twilio. 1,900 users is a very small percentage of Signal’s total users, meaning that most were not affected.

We are notifying these 1,900 users directly, and prompting them to re-register Signal on their devices. If you received an SMS message from Signal with a link to this support article, please follow these steps:

Open Signal on your phone and register your Signal account again if the app prompts you to do so.

To best protect your account, we strongly recommend that you enable registration lock in the app’s Settings. We created this feature to protect users against threats like the Twilio attack.



Repost: Original Source and Author Link

Categories
Security

NPM users can now connect a Twitter account as a recovery method

Developers who use NPM, the popular JavaScript package manager, will now be able to connect their Twitter and GitHub accounts to the software as a recovery method.

The move was announced Tuesday along with a handful of other features meant to combine enhanced security with usability for the GitHub-owned package manager.

In a blog post, GitHub said that the changes would make it easier for users to secure their accounts, while also streamlining some security features that users had found burdensome.

“The JavaScript community downloads over 5 billion packages from npm a day, and we at GitHub recognize how important it is that developers can do so with confidence,” wrote GitHub product managers Myles Borins and Monish Mohan. “As stewards of the npm registry, it’s important that we continue to invest in improvements that increase developer trust and the overall security of the registry itself.”

GitHub and Twitter accounts can now be used as recovery options for NPM.
Image: GitHub/NPM

Besides the ability to connect Twitter and GitHub accounts as an authentication method, GitHub also announced that the use of two-factor authentication (2FA) for login and package publishing on NPM would be made easier.

Per the blog post, NPM had previously trialed the use of enhanced 2FA logins in a public beta release, but after feedback from the community, decided that certain features should be tweaked in order to be more user-friendly. This included adding a “remember me for 5 minutes” option so that users who successfully authenticated could disable 2FA prompts for a short period of time.

“Account security is significantly improved by adopting 2FA, but if the experience adds too much friction, we can’t expect customers to adopt it,” Borins and Mohan wrote. “Early adopters of our new 2FA experience shared feedback around the process of logging in and publishing with the npm CLI, and we recognized there was room for improvement.”

The improved security features are being made available in NPM 8.15.0, released July 26th, the post said.

As a core part of the open-source software ecosystem for the JavaScript programming language, NPM has been targeted by a number of malicious actors over the years. One of the main strategies has been for attackers to take control of packages by purchasing expired domains registered to package publishers and using these to set up email accounts that can be used to receive password reset emails for the package. In light of this, increasing the use of 2FA when logging into NPM accounts stands to create big security improvements.

NPM’s parent company, GitHub, is also working to improve security on the larger code-hosting platform: earlier this year, the company announced that all users who contribute code would need to have some form of 2FA enabled by the end of 2023.

Repost: Original Source and Author Link

Categories
Security

Anti-vax dating site exposed data for 3,500 users through ‘debug mode’ bug

Unsurprisingly, it seems like the type of people who shun vaccinations are not great at preventative cybersecurity either.

As reported by the Daily Dot, “Unjected” — a dating site specifically for people who are not vaccinated against COVID-19 — failed to take basic precautions to keep users’ data secure, leaving sensitive data exposed and allowing potentially anyone to become a site administrator.

The “Unjected” site was set up to leave the administrator dashboard fully accessible to anyone who knew how to look for it. Through this dashboard, an administrator could access user information for any member of the site, including name, date of birth, email address, and (if provided) their home address.

The configuration error was discovered by a security researcher known as GeopJr, who confirmed the vulnerability to the Daily Dot by editing live posts on the site. GeopJr apparently noticed that the site had been published live to the web with “debug mode” switched on — a special set of features for software developers to use while working on the app, which should never be enabled by default in an application that has been deployed.

Using these features, the researcher was able to make almost any change to the site, including adding or removing pages, offering free subscriptions for paid-tier services, or even deleting the entire database of post backups. Currently, the site is believed to have around 3,500 users, all of whose data was accessible through the administrator features.

Though its user base is small, Unjected seems to have big ambitions for building connections among the unvaccinated community. Besides providing dating services, Unjected also offers a “fertility” section where users can offer their semen, eggs, or breastmilk for donation. In another section of the website, users can also sign up for a “blood bank” by listing their location and blood type. Both the blood bank and the fertility services are branded as helping users find “mRNA-free” donors — a reference to the mRNA molecules used in the Pfizer and Moderna COVID-19 vaccines.

The Unjected website is now one of the main portals for the project after the Unjected app was booted from the Apple App Store in August 2021 for violating Apple’s COVID-19 content policies. However, Android users can still download the app if they want: it’s currently still listed on the Google Play store, where it has more than 10K downloads and an average review of 2.5 stars.

Repost: Original Source and Author Link

Categories
AI

Google is using AI to help users explore the topics they’re searching for — here’s how

“Can you get medicine for someone at the pharmacy?”

It’s a simple enough question for humans to understand, says Pandu Nayak, vice president of search at Google, but such a query represents the cutting-edge of machine comprehension. You and I can see that the questioner is asking if they can fill out a subscription for another person, Nayak tells The Verge. But until recently, if you typed this question into Google, it would direct you to websites explaining how to fill out your prescription. “It missed the subtlety that the prescription was for someone else,” he says.

The key to delivering the right answer, says Nayak, is AI, which Google is using today to improve its search results. The prescription query was solved in 2019, when Google integrated a machine learning model called BERT into search. As part of a new generation of AI language systems known as large language models (the most famous of which is OpenAI’s GPT-3), BERT was able to parse the nuances of our prescription query correctly and return the right results. Now, in 2021, Google is updating its search tools yet again, using another acronymized AI system that’s BERT’s successor: MUM.

Originally revealed at Google I/O in May, MUM is at least 1,000 times bigger than BERT, says Nayak; on the same order of magnitude as GPT-3, which has 175 billion parameters. (Parameters being a measure of a model’s size and complexity.) MUM is also multimodal, meaning it processes visual data as well as text. And it’s been trained on 75 languages, which allows the system to “generalize from languages where there’s a lot of data, like English, to languages where there’s less data, like Hindi,” says Nayak. That helps in ensuring that any upgrades it provides are spread across Google’s many markets.

A new feature rolling out in the coming months named “Things to know” will use AI to help users explore topics related to their searches.
Image: Google

Nayak speaks of MUM with pride, as the latest AI wunderkind trained in Google’s labs. But the company is also cautious. Large language models are controversial for a number of reasons. They’re prone to lying, for example — as happy writing fiction as fact. And they’ve been shown time and time again to encode racial and gender biases. This is a problem that Google’s own researchers have highlighted and been shot down for doing so. Notably, Google fired two of its top ethics researchers, Timnit Gebru and Margaret Mitchell, after they co-authored a paper highlighting problems with exactly this technology.

For these reasons, perhaps, the changes to search that Google is launching are relatively restrained. The company is introducing three new features “in the coming months,” some powered by MUM, each of which is ancillary to its search engine’s primary function — ranking web results. But Nayak says they’re just the tip of the iceberg when it comes to Google’s ambitions to improve its products with AI. “To me, this is just the start,” he says.

First, though, the features. Number one is called “Things to know” and acts as an advanced snippet function, pulling out answers to predicted questions based on user’s searches. Type in “acrylic painting,” for example, and “Things to know” will automatically generate new queries, like “How do you use household items in acrylic painting.” Nayak says there are certain “sensitive queries” that won’t trigger this response (like “bomb making”) but that most topics are automatically covered. It will be rolling out in the “coming months.”

The second new feature suggests further searches that might help users broaden or refine their queries. So, with the “acrylic painting” search above, Google might now suggest a narrower focus, like “acrylic painting techniques,” or a broader remit, like “different styles of painting.” As Nayak puts it, Google wants to use AI’s ability to recognize “the space of possibilities within [a] topic” and help people explore variants of their own searches. This feature will be available immediately, though it is not powered by MUM.

The third new feature is more straightforward and based on video transcription. When users are searching for video content, Google will use MUM to suggest new searches based on what it hears within the video. Nayak gives the example of watching a video about Macaroni penguins and Google suggesting a new search of “Macaroni penguin life story.” Again, it’s about suggesting new areas of search for users. This feature will launch on September 29th in English in the US.

In addition to these AI-based changes, Google is also expanding its “About This” feature in search, which will give new information about the source of results. It’s also bringing its MUM-powered AI smarts to its visual search tech, Google Lens.

Google will give users new option to “refine” or “broaden” their search — using MUM to explore related topics.
Image: Google

The change to search is definitely the main focus, but what’s interesting is also what Google isn’t launching. When it demoed MUM and another model LaMDA at I/O earlier this year, it showed off ambitious features where users could literally talk to the subjects of their searches, like the dwarf planet Pluto, and ask them questions. In another, users asked expansive questions, like “I just hiked Mt. Adams, I want to hike Mt. Fuji in the fall. What should I do differently?” before being directed to relevant snippets and web pages.

It seems these sorts of searches, which are rooted deeply in the functionality of large language models, are too free-form for Google to launch publicly. Most likely, the reason for this is that the language models could easily say the wrong thing. That’s when those bias problems come into play. For example, when GPT-3 is asked to complete a sentence like “Audacious is to boldness as Muslim is to …,” nearly a quarter of the time, it finishes the sentence with the word “terrorism.” These aren’t problems that are easy to navigate.

When questioned about these difficulties, Nayak reframes the problems. He says it’s obvious that language models suffer from biases but that this isn’t necessarily the challenge for Google. “Even if the model has biases, we’re not putting it out for people to consume directly,” he says. “We’re launching products. And what matters is, are the products serving our users? Are they surfacing undesirable things or not?”

But the company can’t completely stamp out these problems in its finished products either. Google’s Photo app infamously tagged Black people as “gorillas” in one well-known incident, and the sort of racial and gender-based discrimination present in language AI is often much more subtle and difficult to detect.

There’s also the problem of what the shift to AI-generated answers might mean for the wider future of Google search. In a speculative paper published earlier this year, Google’s researchers considered the question of replacing search altogether with large language models and highlighted a number of difficulties with the approach. (Nayak is definitive that this is not a serious prospect for the company: “That is absolutely not the plan.”)

And there’s also the consistent grumbling that Google continues to take up more space in search results with its own product, shunting searches to Google Shopping, Google Maps, and so on. The new MUM-powered “Things to know” feature certainly seems to be part of this trend: filleting out the most informative search results from web pages, and potentially stopping users from clicking through, and therefore sustaining the creator of that data.

Nayak’s response to this is that Google delivers more traffic to the web each year and that if it doesn’t “build compelling experiences” for users, then the company “will not be around to send traffic to the web” in the future. It’s not a wholly convincing answer. Google may deliver more traffic each year, but how much of that is just a function of increasing web use? And even if Google does disappear from search, wouldn’t other search engines pick up the slack in sending people traffic?

Whatever the case, it’s clear that the company is putting AI language understanding at the heart of its search tools — at the heart of Google, indeed. There are many open questions about the challenges of integrating this tech, but for now, Google is happy to continue the search for answers of its own.

Repost: Original Source and Author Link

Categories
Game

Epic Games Store will randomly ask users to rate games to prevent review bombing

has added a long-awaited feature to its store: user ratings. The company that only those who have played a game for at least two hours will be able to rate it on a five-star scale. Not everyone will be able to rate a game either. Epic will randomly offer players the chance to score a game after they finish a play session. The company believes this approach will prevent and make sure ratings are from people who are actually playing the games.

An overall rating will be calculated based on players’ scores and this will appear on a title’s page. The aim, of course, is to help users figure out whether a game’s worth playing. Store pages already featured critics’ reviews to help folks make a decision about whether to buy or download something.

Epic says it likely won’t ask for ratings on every game or app and the randomization approach will help it avoid spamming players. That seems like a good call. It’s a little annoying, for instance, that Microsoft asks for feedback after every Xbox Cloud Gaming session.

Polls on Epic Games Store

Epic Games

In addition, Epic may ask you to answer a poll after a game session. There’s a broad range of questions, including the likes of whether a game is better to play with a team or how challenging the combat is. 

Epic will use data from polls to create tags for store pages. Eventually, tags will be used on category pages and to create tag-based categories for the home page. The idea is to improve discoverability and help people gain a better understanding of what to expect from a game. 

Separately, Epic is a set of cross-play tools for developers. Epic Online Services an overlay that can merge Steam and Epic Games friends lists and help players find their buds, send friend requests and hop into multiplayer sessions with cross-platform in-game invites.

Epic has broader ambitions for support beyond Steam. It’s working to support other PC launchers, as well as macOS and Linux. It will add cross-play tools for consoles and mobile to the SDK further down the line. Several of Epic’s own games — including Fortnite, Rocket League and Fall Guys: Ultimate Knockout — have full cross-play support.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

Repost: Original Source and Author Link

Categories
Security

Anonymous bulletin board app Yik Yak is revealing its users’ exact locations

Yik Yak, an app that acts as a local anonymous message board, makes it possible to find users’ precise locations and unique IDs, Motherboard reports. A researcher who analyzed Yik Yak data was able to access precise GPS coordinates of where posts and comments came from, accurate within 10 to 15 feet, and says he brought his findings to the company in April.

First launched in 2013, Yik Yak was popular on college campuses, where it was often used to gossip, post updates, and cyberbully other students. After waning relevance and failed attempts at content moderation, the app shut down in 2017, only to rise from the dead last year. In November, the company said it had passed 2 million users.

Motherboard spoke with David Teather, a computer science student based in Madison, Wisconsin, who raised the security concerns to Yik Yak and went on to publish his findings in a blog post. The app shows posts from nearby users but displays only approximate location, such as “around 1 mile away,” up to five miles, to give users a sense of where in their nearby community updates are coming from.

Though Yik Yak promises anonymity, Teather points out that combining GPS coordinates and user IDs could de-anonymize users and find out where people live since many are likely to be using it from home and the data is accurate to within 10 to 15 feet. That combination of information could be used to stalk or watch a particular person, and Teather mentions that the risk could be higher for people living in rural areas where homes are more than 10 to 15 feet apart because a GPS location could narrow a user down to one address.

As Motherboard reports, the data is accessible to researchers like Teather, who know how to use tools and write code to extract information — but the risk was real enough to prompt Teather to bring it to Yik Yak’s attention.

“Since user ids are persistent it’s possible to figure out a user’s daily routine of when and where they post YikYaks from, this can be used to find out the daily routine of a particular YikYak user,” Teather writes. He listed other ways the data could be abused, like finding out where someone lives, monitoring users, or breaking into someone’s home when they’re not there.

Yik Yak did not respond to a request for comment from The Verge.

According to Motherboard, the latest version of the app released by Yik Yak no longer exposes precise location and user IDs, but Teather says he can still retrieve that information using previous versions of the app.

“If YikYak did take this more seriously they would restrict these fields from being returned and break older versions and force users to upgrade to a newer version of the app,” he wrote in the blog post.



Repost: Original Source and Author Link

Categories
Security

Phishing attack pop-up targets MetaMask users visiting popular crypto sites

As if this week weren’t bad enough for many cryptocurrency owners, with stablecoins crashing and Coinbase suffering an outage at a particularly bad time, now they’ve reportedly been targeted by a new phishing attack. As reported by CoinDesk and The Block Crypto, sites including Etherscan, CoinGecko, and DexTools all warned users that they were aware of suspicious popups appearing for visitors, and advised them not to confirm any transactions based on popups.

Like many recent phishing attacks, this one appeared to promise a link to the Bored Ape Yacht Club project, with an ape skull logo and a (now-disabled) nftapes.win domain. It prompted users to connect their MetaMask wallets (a software cryptocurrency wallet that enables access on your phone or via a browser extension) to use on the site, and since it was appearing on domains that many people trust and use every day, they may have fallen for it and given it access.

Last November, the security company Check Point Research identified a phishing attack that used Google Ads that would either attempt to steal someone’s credentials or trick them into logging into the attacker’s wallet so that it would receive any transactions they attempted. In February, a phishing attack stole $1.7 million worth of NFTs from OpenSea users, while a more recent attempt via Discord only snagged $18,000 worth of tokens.

Etherscan said it has disabled third-party integrations for the time being. A tweet from CoinGecko identified the source of the malicious popup as Coinzilla, an industry advertising network that told customers it could deliver over 1 billion impressions per month across more than 600 reputable sites popular with crypto enthusiasts.



Repost: Original Source and Author Link

Categories
Security

Signal launches in-app sustainer program to accept donations from users

Secure messaging app Signal has launched a new feature that allows users to make donations within the app, the company announced. As a nonprofit, Signal doesn’t receive financial support from any advertisers or shareholders, a new blog post notes, and relies on users for donations.

Users can choose to make monthly donations, or one-off contributions within the app using Apple Pay or Google Pay, and their payment information won’t be associated with a user’s Signal account, according to the blog post, as the company will use the same anonymous credential scheme it uses for private Signal groups:

Clients make payments and then associate a badge to their profile such that the server can authenticate the client is in the set of people who made a payment, but doesn’t know specifically which payment it corresponds to.

Long a popular messaging app for people who want to secure their text messages, earlier this year, Signal began adding some of the more consumer-friendly features that other messaging apps have had for a while, like stickers and wallpapers.

To donate to Signal, users can choose from three different sustainer levels, at $5, $10, or $20, each with its own badge. Sustainer subscriptions will only renew if a customer uses Signal during the course of a month; if you uninstall or stop using the app, the payments will be canceled before the next cycle to “eliminate the ‘dark pattern’ of subscriptions you’ve forgotten about,” the company said. Signal plans to add support for additional payment methods in the future.

Repost: Original Source and Author Link

Categories
Computing

The Best Gifts for Mac Users: Holiday Gifts for Apple Fans

It’s the time of year to start looking for gifts for all the important people in your life. If you’ve got a loved one who’s a Mac obsessive — or you just want to get a great Mac accessory for yourself — our round-up of tip-top Mac gifts will have you sorted this holiday season.

We’ve put together a range of goodies that’ll work for even the most demanding of Mac users. From mice and keyboards to Thunderbolt docks, microphones, and webcams, there’s something here for everyone.

Logitech MX Master 3 for Mac

Apple’s Magic Mouse is great for MacOS gestures, but its low-profile shape can become uncomfortable to use after a while. The good news is there’s a much better alternative that’s designed specifically for Mac users: The Logitech MX Master 3 for Mac.

This superb wireless mouse is comfy to use and features a clever scroll wheel that automatically switches between precise ratchets and free-flowing movement, depending on how hard you spin it. On the side, there is also a thumb wheel that scrolls your pointer horizontally.

Even better, the mouse comes preloaded with built-in MacOS shortcuts. In Photoshop, for instance, the thumb wheel adjusts your brush size, while the thumb buttons undo and redo actions. Press and hold the button at the foot of the thumb rest, and you can even perform native MacOS gestures — just swipe the mouse as you would on an Apple trackpad while pressing the button. When it comes to Mac mice, there’s simply nothing better.

Logitech MX Keys

Logitech MX Keys Mini charges via USB-C.

The perfect pairing for a great mouse is a brilliant Mac keyboard, and Logitech’s MX Keys is just that. It’s the ideal gift for any Mac user stuck on a MacBook’s older butterfly keyboard or for anyone who is left unsatisfied by Apple’s Magic Keyboard.

Each key is dished slightly so that it comfortably fits your finger with each press. There’s a built-in backlight and full numpad, plus a row of function keys too. It can switch between three different devices — no need to use multiple keyboards for multiple Macs — and if you install the Logitech Flow app, you can copy and paste files directly from one Mac to another. There’s even a smaller MX Keys Mini if you want to ditch the number pad.

If you’re looking for a mechanical keyboard to match with your Mac, try the Keychron K8. It’s superbly comfy and reliable and can switch between multiple devices in a snap. And with its satisfying mechanical switches, it’s a great option for someone who spends all day typing on their Mac.

Satechi Aluminum Laptop Stand

The Satechi Aluminum Laptop Stand for MacBook Pro and MacBook Air.

If you know someone who spends a lot of time hunched over a MacBook, do their back a favor by getting them a MacBook stand that raises their device to a more comfortable height. The Satechi Aluminum Laptop Stand does exactly that.

What it does well is combine style and substance. Its aluminum frame comes in silver or space gray to match your existing Apple devices, and its simple hinge is unobtrusive and unassuming. It looks great and will fit right in on your desk.

It’s solidly built and clever, too. Because it works on a single hinge, it folds down flat and is easy to slip into a backpack. There are rubber strips on the top and bottom, helping to keep the stand in place and prevent your MacBook from slipping. It’s fairly priced, so won’t break the bank either.

Anker PowerExpand+ 7-in-1 USB-C Hub Adapter

The Anker PowerExpand+ 7-in-1 USB-C Hub Adapter.

Apple’s latest MacBooks have finally restored some of the port variety that the company’s laptops have been missing for so many years. While they added HDMI and an SD card slot, you still don’t get any USB-A ports. And if you use an older MacBook, all you have are USB-C ports.

A USB-C hub can go a long way to fixing this problem, and Anker’s PowerExpand+ is a great choice. It adds seven new ports, including HDMI, SD card, microSD, two USB-A slots, and two USB-C ports. One of those USB-C slots supports up to 100W of power delivery, so you can juice up your MacBook via the PowerExpand+ if all your other USB-C ports are in use.

You get all that for $35, which is an excellent price for the frustration it prevents and the expansion options it brings.

CalDigit TS3 Plus

The CalDigit TS3 Plus Thunderbolt 3 dock.

If you’re looking for some more serious port expansion, a Thunderbolt dock will be right up your street. Our favorite — by some distance — is the CalDigit TS3 Plus.

Why do we love it so much? It sounds strange, but one of its biggest draws is simply its reliability. When you’re plugging a host of different devices into a Thunderbolt dock, you want them to work properly 100% of the time. That’s surprisingly unusual in the Thunderbolt dock world, but CalDigit’s offering never skips a beat.

It offers a ton of ports (15 in total), including five USB-A, three Thunderbolt 3 (including one that provides 87W of power delivery), audio in and out, an SD card slot, DisplayPort 1.2, Gigabit Ethernet, and more. If you need to connect something to a Mac, chances are the CalDigit TS3 Plus can handle it with ease.

Elgato Wave:3

With so many of us working from home these days, either permanently or temporarily, sounding your best on work calls is essential. The built-in mics inside Apple’s MacBooks are fine, but if you want to go to the next level, the Elgato Wave:3 makes for an excellent gift.

Part of its appeal is how easy it is to get set up and running. For instance, instead of needing to monitor and adjust levels, the Wave:3 has a built-in feature called Clipguard,  which helps combat sudden peaks in volume that can produce rasping or unpleasant sounds. You can tweak levels if required, but it’s nice knowing Elgato’s mic has your back from the off.

Outside video calls, it’s our favorite microphone for streaming, thanks to its Mac companion app that lets you blend audio inputs while your show is live. That makes it a great all-rounder that excels in a number of different fields.

Logitech Brio Ultra HD Pro

Logitech Brio
Brad Bourque/Digital Trends

Apple has been dragging its heels in recent years when it comes to webcams, and we had to wait until the 2021 MacBook Pro before we saw the first 1080p webcam grace the company’s portable Macs. If you’re stuck on a 720p MacBook (or know someone else who is), you might be looking for a better webcam to help you look your best on video calls.

If it’s quality you’re after, there are none better than the Logitech Brio Ultra HD Pro, which is one of the best 4K webcams you can buy. It offers ultra-sharp 4K resolution running at 30fps, or if you need smoother footage, it also runs at 1080p 60fps and 720p 90fps. There are further customizations for the field of view, ranging from 65 degrees to 90 degrees — depending on what you want to capture.

There’s much more, including RightLight 3 tech that corrects your lighting, HDR image capture, and omnidirectional microphones with noise cancellation. It’s a brilliant gift for someone who needs a webcam that can do it all.

iFixit Essential Electronics Toolkit

The iFixit Essential Electronics Toolkit for repairing electronic devices.

For all the great things you can do with a MacBook, you’ll be hard-pressed to repair it if it ever breaks. Apple packs so much inside its laptops that finding your way around the components, cables, screws, and glue can be a real nightmare. If you’re a tinkerer, there’s a secret weapon that can make things much easier: iFixit’s Essential Electronics Toolkit.

Produced by the famous repair company and used in all its product teardowns, this toolkit contains everything you need to pry open a MacBook and dig into its high-tech internals. You get 16 screwdriver heads of different shapes and sizes, tweezers, a suction handle, a spudger, and more.

Put together, these tools should make light work of the booby traps you often find inside Apple devices. If you’ve been dying to repair your Mac or know someone else who is, this kit makes for a great holiday present.

Editors’ Choice




Repost: Original Source and Author Link