New phishing scams use familiar internet services to con potential victims. We have some examples. And we have an overview of Apple’s highly anticipated Apple Intelligence features debuting in its latest operating system updates.
If you like the Intego Mac Podcast, be sure to follow it on Apple Podcasts, Spotify, or Amazon.
Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you’re ready to buy.
Get Apple security news delivered straight to your inbox, for free. Intego’s twice-monthly newsletter will keep you informed about Apple-related privacy and security, along with tips and tricks for getting the most out of your Mac or iPhone. Subscribe for free—no strings attached.
Transcript of Intego Mac Podcast episode 374
Voice Over 0:00
This is the Intego Mac podcast—the voice of Mac security—for Thursday, December 12, 2024. This week’s Intego Mac podcast. Security headlines include: new phishing scams use familiar internet services to con potential victims. We have some examples. And we have an overview of Apple’s highly anticipated Apple Intelligence features debuting in its latest operating system updates. Now here are the hosts of the Intego Mac podcast, veteran Mac journalist Kirk McElhearn and Intego’s chief security analyst, Josh Long.
Kirk McElhearn 0:40
Good afternoon. Josh, how are you today?
Josh Long 0:44
I’m doing well. How are you, Kirk,
Apple has released the so-called “dot 2” updates to its operating systems
Kirk McElhearn 0:48
I’m doing fine. Just before we started recording, we’re recording this on Wednesday, the 11th, the dot two updates from Apple were released, and we’re updating all of our devices except the ones that we’re using to record this podcast. Now I’ve been running the 18.2 betas on my iPad and the 15.2 beta on my MacBook Air. For a long time, I put the release candidate of 18.2 on my iPhone. There was one release candidate last Thursday, there was another one Monday, and now I’m still getting an update for the 18 for iOS 18.2 meaning that this supersedes the last release candidate. So this is the two release candidates plus a release which usually isn’t the case. Now we’re going to talk in the second part of the show about all the wonderful Apple Intelligence features that are in these dot two upgrades and the ones that are still months away. Where do we what do you want to say about all these wonderful upgrades? Josh, are you excited?
Josh Long 1:44
Well, I’m excited to see what security updates are available right now. We don’t know that yet. As of when we’re recording, Apple has not yet released the details, but I do expect that we’ll get some security patches we usually do in the big releases like this one.
Kirk McElhearn 1:57
I don’t think we’ll know about that immediately. Apple generally announces that you know hours after the release. So if you’re listening to this and you haven’t updated yesterday, you can update all your devices, back them up, first again. Second half of the show, we’ll talk about the wonderful Apple Intelligence features, and if they’re truly wonderful. But in the meantime, we want to talk about some fake package delivery texts and emails. Now, I don’t know about you in the US, but here, we only started getting these text messages about five years ago, saying your delivery is coming between this time and this time, and here, depending on the delivery company, you can click a link to follow them on the web, you can see where the truck is and you can see how long it’s going to take to get to you. Has this been around for a long time in the US?
Josh Long 2:41
There are some companies that will send you a text message, sometimes they’ll send you an email, if it does require a signature upon delivery, or something like that, then they’re more likely to actually reach out to you. But it is a bit hit or miss, like for the most part, most of the packages that I get, I don’t get any kind of text or email alert. Of course, most of the packages I’m getting are from Amazon, so I do get a push notification from Amazon about the package.
Package delivery text messages can contain phishing links
Kirk McElhearn 3:05
Okay, so we have an article on the Intego Mac security blog that you wrote about fake package delivery text and you mentioned specifically UPS, which is one of the carriers here that sends text messages. And when I get one of these, I generally don’t look at the link very carefully, right? If I know that I’m due to get a package from UPS or DHL or DPD, which is usually the case, I’ll just think, Oh, good. I got a link, and I can find what time they’re coming. But the problem is, if you’re not sure you’re going to get something, maybe a friend sent you something via UPS or FedEx or whatever, you might get a link that isn’t really what it’s supposed to be.
Josh Long 3:43
Yeah, another Intego employee sent me a screenshot of this. It starts out saying, your package cannot be delivered due to incorrect address information. Please update your address and we will deliver it as soon as possible. Now, that sounds a little bit weird, because, like, somehow they have my phone number, but they claim that my they had my address incorrect like that. Seems a little suspicious, but okay, let’s assume that you didn’t quite have a red flag in your head yet at this point, the next thing that they give you is a web address, and it’s HTTPS, Okay, looks good so far. Colon, slash, slash, usps.com, so United States Postal Service, but it doesn’t end there. The next character is a hyphen, and if you look really carefully at it, you’ll understand that this is usps.com hyphen, track something or other. Dot top is the actual domain. So the domain is not really usps.com it’s actually com, hyphen, track something else, dot top. That’s the real domain that they’re using. USPS is actually just a sub domain, but because the domain itself begins with com, it looks at a glance like the URL begins with usps.com, when it’s actually not. It’s very deceptive, and if you’re not paying really close attention, or if you just don’t know what to look for, maybe that hyphen doesn’t look weird to you. If you’re not used to paying really close attention to how a web address looks, this can really easily trick somebody into thinking this is a legitimate USPS link.
Kirk McElhearn 5:21
I know most people don’t use Safari on a Mac and on an iPhone or an iPad, they’ll probably use Safari, but they still might use Chrome. Some years ago, Apple removed the default to show a full website address in Safari. If you go into Safari Settings Advanced, you can check a box to show the full website address. So what’s going to happen is you’re going to be more used to seeing these addresses in your web browser instead of just seeing a domain. And it means you’re going to be more sensitive to just the way web addresses are constructed. You’ll be more aware that, you know, this is a domain, this is what comes after the slash, and this is where the Hyphens are. And I think having removed that means that people web addresses URLs, they’re kind of gibberish for most people anyway, right?
Josh Long 6:10
Yeah. And to be fair, this particular way of tricking people into thinking that a URL is something that it’s not is really clever, and I would not be. I wouldn’t expect everybody to instantly recognize the phishing link. If this is confusing to you, like even looking at this, if you’re still not sure how to identify one or the other, just remember a slash is what comes after the domain. If you see anything else after, like a.com for example, besides a slash, that means that it’s that same domain is still continuing, which means it’s probably trying to trick you. And if even that is still confusing to you, then maybe contact an expert, somebody who really understands computer security, that friend or relative, send them a screenshot. You can take a screenshot on your iPhone. It’s a little bit different depending on what iPhone model you have. If you have one with face ID, it’s a volume button plus the power button. If you have an older iPhone that has touch ID, then you press the power button plus the home button together to take a screenshot, and then you can attach that to to a message and send it to a friend. One other interesting thing about this scam message is that it actually came over iMessage. Now you might find that a little bit surprising, because a lot of times scam messages come over SMS, right, a plain text message, but because this came over iMessage, you might be inclined to think, if it’s going through Apple System, presumably they’re doing some kind of filtering, right, and they would be able to tell and block this thing so it wouldn’t get to me. But scam messages can come over. I messages too.
Email phishing scams use legitimate financial services to disguise their intent
Kirk McElhearn 7:48
Okay, we want to talk about a couple of emails that I’ve gotten in the past few days. I received about four money requests from PayPal, and each one of these emails has the name of a person that says, sent you a money request. The amount requested is $399.99 then there’s a note from the person fraud or didn’t make this order, call us at one 800 sucker. And there’s a transaction ID, there’s a date, there’s a button pay now. And if I hover my cursor over it, I can see that the link is actually PayPal. So this is a an actual money request sent in PayPal, you can do this. You can send, put someone’s email, say, Send me some money, because I don’t know you sold something. They’re paying you back. We’ve talked about some fake invoice scams recently, and I’ll link in the show notes to some articles on the Intego Mac security blog about them. This is different, because it’s not saying what you bought. It’s not an invoice saying you spent this much money on what was it? The Geek Squad extended warranty from Best Buy, something like that. It’s just saying, I want you to send me money. And that’s a different My thinking is different. Well, why would I send you money? Fraud or didn’t make this order? Well, why am I sending you money? I don’t know what the order is for. So pay attention for these. Now, I forwarded each one of these to [email protected] so they would presumably take them down. I haven’t clicked on any of the links to see where they go, but be careful when you get money requests from PayPal. It just seems to me that unless you know you’re buying something specific, maybe a friend is sending you a money request. You’re paying them back for lunch. It’s going to be $20 or $40 it’s going to be a round number. It’s not going to be 99 dot, 99 so pay attention for PayPal money requests.
Josh Long 9:30
Again, these things are very commonly sent through a legitimate service, right? So this is a little bit different from the invoice scam. So we’ve talked about before because of it being a money request. But nevertheless, like, you know, I imagine there’s a very small percentage of people who get a message like this and think, oh yeah, I think I was supposed to pay somebody, right? And they don’t maybe think it all the way through before clicking that Pay Now button. But I think what the scam? Scammer is expecting is maybe there’s a really small percentage that will actually just pay them the $400 they’re requesting. But the thing they’re really banking on is that people will see this and go, Oh, something is wrong here. They’ll read the note that the scammer put in that says fraud alert didn’t make this order, call this number, and they’ll be able to have somebody at the call center actually complete the scam and be able to steal money from me that way. So one way or another, they’re hoping to trick you into giving up some money. These things will not go to your spam folder because they’re coming from a legitimate service, like, in this case, PayPal.
Apple sends a serious email about security that looks ambiguously like scam email
Kirk McElhearn 10:38
Okay, other emails I got recently two of them from Apple account. Now, Apple has changed the terminology from Apple ID to Apple account, and you can find it on the website, but I think a lot of people don’t know that they’ve changed it. So if a couple years ago I got an email saying Apple account, I would just assume that it’s some sort of a scam, right? But so this email comes from Apple account at inside Apple.Apple.com so here we have sub domain, long address, a little bit confusing. It says, Keep your Apple account safe and secure. And my thinking is, aha, that’s what the scammers do to try and get you to click through and enter your credentials, right? And then I look through and it’s like, let’s check up on your Apple account and know how to reset your password. You want to learn more, click this link. So I hover my cursor over the link, and there’s a long URL about, I don’t know, 150 characters that starts with c.Apple.com the letter c.Apple.com it’s followed by this long string of characters. This is a legitimate email from Apple, but it looks fake. It makes me think that Apple doesn’t really pay attention to the way people who are security sensitive think about emails. And I’ve showed this to other people, and they all feel the same way. That’s the thing.
Josh Long 11:55
It’s like, it can be very difficult to really tell the difference between a scam or something that’s not a scam. If you do get a message like this and you’re not sure about it, one of the things that you can do is go to the actual official website through, ideally, a bookmark that you already have in your browser, or just type it. Well, yes, you can type it there. You do risk like maybe typoing and getting to a typo squatting domain, right? That might be a phishing site. The other thing that you don’t want to do is Google it, because, as we mentioned before, very often, the top link in Google search results is an ad, and scammers buy these ads, and so it might look exactly like the official Apple ad that might show up at the top of a Google search result, but it could actually go to a scammers page. Always be really careful about googling it. If you can any service that you normally use or any service that’s really important to you, make sure that you bookmark the legitimate website and always go to that bookmark whenever you want to double check and log into your account. Don’t ever google it, and I recommend avoiding typing it in if you can, just in case you might mistype at some point.
Kirk McElhearn 13:16
Okay, so I just went to account.Apple.com and that’s where you go to access your Apple account, and I don’t see anything about what’s in this email. So what you’re suggesting is, if you see an email, go to the website where there’ll be information about it. There’s nothing about it. I mean, you end up on a page called sign in security, and it’s got a whole bunch of entries, email and phone numbers, password, account security, etc, but nothing that says why they sent this email out. What’s the timing for this email? Is it because there’s a new update this week that, well, it just dropped today. It doesn’t kind of make sense. Why is Apple, I don’t know, spraying everyone with these emails because they’ve sent this clearly to millions of people. It doesn’t feel right. It feels I don’t know. I just don’t trust you know we’re in the work we do. We’re so used to looking for what’s wrong and scammy that sometimes things that are right look scammy, because the scammers copy what’s right, but they twist it a little bit. Okay, let’s take a break. When we come back, we’re going to talk about some new Mac malware, and then the Apple Intelligence features that are going to change your life in the latest updates to Apple’s operating systems.
Voice Over 14:28
Protecting your online security and privacy has never been more important than it is today. Intego has been proudly protecting Mac users for over 25 years. And our latest Mac protection suite includes the tools you need to stay protected. Intego’s Mac Premium Bundle X9 includes Virus Barrier, the world’s best Mac anti-malware protection, Net Barrier, powerful inbound and outbound firewall security, Personal Backup to keep your important files safe from ransomware. And much more to help protect, secure and organize your Mac. Download the free trial of Mac Premium Bundle X9 from intego.com today. When you’re ready to buy, Intego Mac Podcast listeners can get a special discount by using the link in this episode’s show notes at podcast.intego.com. That’s podcast.intego.com and click on this episode to find the special discount link exclusively for Intego Mac Podcast listeners. Intego. World class protection and utility software for Mac users made by the Mac security experts.
Realist Steeler malware resurfaces
Kirk McElhearn 15:38
Okay, we’ve got some malware that is, I guess, coming back from the past, the Realist Steeler. That’s a weird name, but I guess it’s kind of unique in the way it’s spelled. Is it realist.com that they use for the malware?
Josh Long 15:53
Yeah, I’m not sure exactly the origin of this name. It’s Steeler malware that you might remember from about a year and a half ago, we talked about some video games that had some elaborate campaign where they had social media accounts and they were hiring, you know, people to promote these games, and it was all just a scam, the same gang that was involved in that video game related scheme in the past is now using fake meeting apps. What they’re doing is they’re looking for people who are trying to find a job at a web three company. Web three is technologies like blockchain and NFTs and cryptocurrencies and that kind of stuff. So scams, these are, these are people who are likely to have some kind of cryptocurrency wallet and and some amount of cryptocurrency stored on their computer. And so the whole idea is that they’re trying to to encourage people to apply for these for a job working for this company, and then they tell them, Okay, well, we need to set up a meeting with you. Here’s the meeting software that we use, and so they’ll send you a link to something called Meet.io meeting. It’s had a bunch of other names, but these look like legitimate messaging or video conferencing websites. If you went to one of these sites, you would actually get a download. And the problem is that it’s not actually legitimate video conferencing software. It’s really just a Trojan horse that will, surprise, surprise, try to steal cryptocurrency wallets from your computer, among other things. By the way, it can actually steal passwords from your key chain. It’ll put up a dialog box, and if you put in your password, usually your admin password for the computer. And so then it’ll use that to extract all of your passwords from your key chain and send them off to the attacker. It’ll steal all your passwords and any cryptocurrency wallets you might happen to have on your computer. And well, that’s pretty scary.
Kirk McElhearn 18:10
That is pretty scary. I think I’m going to turn my computer off. I think I’m going to air gap my computer. One thing I want to point out is there are so many different types of meeting software, and every time I’ve had a different client or a different person I needed to talk to professionally, they all had meeting software that they used that was different from all the others. A lot of people do use Zoom. No one uses Skype anymore, I think. But a lot of businesses use different things for various reasons. I noticed that even wrote an article about this, mentioning your research here, we’ll put a link in the show notes for that. Okay? Josh lightning round, Microsoft Patch Tuesday in 30 seconds. Tell us what we got.
Important Patch Tuesday for those who observe
Josh Long 18:47
Okay, if you know anybody who is using Windows or any other Microsoft product, maybe office or whatever, or any Adobe product, this week was a patch Tuesday. Week, the second Tuesday of the month, Microsoft patched, I believe, 92 vulnerabilities, four of which they rate critical. And depending on who you ask, if one or two of these was exploited in the wild, Adobe patched 48 vulnerabilities, 28 of which are critical. So if you use again Microsoft or Adobe software, or know somebody who does make sure that they update their software.
What are the newest Apple Intelligence features available?
Kirk McElhearn 19:20
That was pretty quick. Thank you, Josh. All right, we want to talk about the Apple Intelligence features in the new dot two releases. We have an article on the Intego Mac security blog. We have several articles. Actually, we have Apple Intelligence, the complete guide that gives an overview of these new features. We have individual articles about using writing tools, about using the Image Playground and Genmoji. These are new features with today’s updates, we talk about cleanup and Apple photos. Apple Intelligence is coming out in stages. And in the first stage, in the 18.1 we had these writing tools and we talked about them. This stage is probably the biggest feature dump, because it has Image Playground and Genmoji, which are image generation tools. It’s added ChatGPT support. Into Siri, which means that if you ask Siri a question and Siri doesn’t have the answer, it may give you an opportunity to ask ChatGPT. And of course, you will be asked each time. It’s not one time you opt in and every time your question goes to ChatGPT, but every time you ask, this is what happens. It has a new visual intelligence feature where you use your iPhone like a camera and you ask ChatGPT What you’re looking at, and it gives you a little description. These are all really interesting features, but there are so many more features that Apple’s announced that quote will be available in the months to come. Now, let’s remember that they first announced these features six months ago in June at the worldwide developer conference. We’re six months in that Apple has only gotten two iterations of these new features, and probably the most important one is Siri, which is going to, as Apple says, going to have hundreds of new actions in and across Apple and third party apps where it will use your personal context, it’ll read your emails, your calendar events, your contacts, your Photos and all that. It seems like Apple is like, I don’t know. They’re trying to play catch up the Image Playground tool. It’s obvious that Apple doesn’t want to make photorealistic images like these other generative AI image tools. And they’re all funny, silly images. And I don’t know if you’re a kid and you want to make these images. It’s kind of interesting, but you can’t take a real photo of your friend with a salmon as a hat, right? You can’t do that. Unlike all the other image generation tools, where you could upload a photo and actually alter it, or even on a, I think, on a Google phone, you can use an existing photo and make alterations like that.
Josh Long 21:36
Right. Apple is definitely taking a different approach here, and I think that’s exactly the reason why, is that they don’t want to be sued or accused of being complicit in misinformation or whatever, or or making tools available that can be used for some kind of really malicious intent or deception, right? (They don’t want people with deep fakes.) Yes, exactly.
Kirk McElhearn 21:58
One thing that’s important in the Image Playground is the photos you get are basically head shots. If you take a picture of someone and you want to create an image from it, so you create a sort of, you know, cartoonish image from it. You only see from the top of the shoulders up. You can’t even make full body images of people.
Josh Long 22:16
I actually wonder now that you mentioned that whether that’s more of a we are not really good at generating, like, full bodies yet, like,
Kirk McElhearn 22:26
Because the hands all have seven fingers, right?
Josh Long 22:28
Yeah, I don’t know. I don’t know, but it is interesting, though. Yeah, Apple’s taking a very different approach to this. I think that the in general, the art style that Apple’s going for. What’s interesting about it, to me is that it’s very similar to Apple’s emoji art style, and in fact, that ties in very well. So you’ve got two different ways to generate images on these new iOS and iPad OS versions that are coming out today. It’s coming soon in Mac o Sequoia. It’s kind of weird that we don’t have this just yet.
Kirk McElhearn 22:59
Sequoia does have Image Playground, but it doesn’t have Genmoji, right?
Josh Long 23:04
It’s got Image Playground, but not Genmoji yet, which is kind of bizarre to me. I don’t really understand why Apple decided to hold that back, and they said that’s coming in the months to come. So you’ll be able to receive Genmoji, but you won’t be able to generate Genmoji from your Mac.
Kirk McElhearn 23:22
I thought it was supposed to be an actual image that was sent that stored in your emoji library when you create it, but that’s sent as an image to someone else. So that means that the people with the green bubbles on Android, they’re just gonna see nothing.
Josh Long 23:35
Well, I guess so. In fact, I don’t think you can send Genmoji to somebody who’s on Android. Genmoji is really specifically meant to be used between Apple devices and primarily an iMessage you can put Genmoji into notes and things like that. I believe you can probably put them into other Apple apps, maybe like pages and things, but it’s really primarily intended for iMessage conversations. What I noticed is that it’s possible to kind of sort of export that emoji, and you have to go through this weird process. What I ended up having to do was like, put the Gen emoji into Apple Pages, and then I was able to copy that as an image and put it into an image editor, and then I could save it to a file and send it to somebody as a regular image. It’s a complicated process. I don’t know why they don’t make this easier, because I would love to generate a Genmoji and then send it to Android people or or put it on other platforms or whatever. And they don’t really make it easy to do that.
Kirk McElhearn 24:40
I’m just, I’m scratching my head here, trying to think, why Genmoji is such an important thing to you. Josh.
Josh Long 24:47
Well, okay, so here’s, here’s the thing, like, emoji, people love emojis, right? I don’t really love emoji, but, like, not everybody loves emojis. But I will tell you, though, that is one of the things that actually gets people. To upgrade to newer versions of iOS, because as soon as they hear, ooh, I’ve got new emojis. Heck yeah, I’m gonna upgrade them install it right now, right? I don’t know. It’s just the thing that people like. They like the idea of having new emojis, and it takes a long time for the Unicode standards body to actually adopt new emojis. There’s this whole elaborate process that they have to go through. It takes years between somebody suggesting that something should be an emoji and it actually getting included in the emoji standard, and then the vendors, like Apple and Google actually adopting it and making that available to everybody. So it’s a multi year long process. And if you just have some idea of, hey, wouldn’t it be great to have and you know, Apple uses silly examples, like, I don’t know, a frog with a cowboy hat or something like that. Like, you can do that right now if you want to, as soon as you install the latest operating system update with Genmoji.
Kirk McElhearn 26:01
Okay, I want to remind people that not everyone can do this, because you have to have either an iPhone 16 model, any of the models the 1616, pro, etc, or an iPhone 15 Pro or pro Max, any other iPhone, whatever it is, 15, normal, 14, 13, 12, they can’t do any of this stuff. Apple Intelligence, they’re persona non grata, right?
Josh Long 26:20
You won’t be able to generate a Genmoji. You should be able to receive them as soon as you upgrade to 18.2 so other people will be able to send you their Genmojis and show off that they’ve got a newer device than you do.
Kirk McElhearn 26:34
Okay? On the iPad, it’s any iPad Pro with an M1 processor or later. It’s the iPad Air M2 that came out last year, and it’s the iPad Mini that came out in October, with what they’re calling the a 17 Pro processor. I don’t know why they make this a 17 Pro I guess. My thought is that the processors in the iPad are the same size as the processors in Macs, and the processors in the iPhone and the iPad Mini are smaller because the devices are smaller, so they’re not exactly the same. So not everyone can use these features. And if you don’t have an iPhone 16, and you’ve got like, a 14 or a 13, you may not need to upgrade just to get these features, especially not for Genmoji. It’s not that important. I think what is interesting, though, is the new Siri that we’re going to get in the months to come, February, March, maybe later. One thing to point out is that before the show started, we were talking about Google Gemini, who just announced a new version. And Google Gemini already has a conversational chat bot that you can talk to when you’re lonely, and you can ask things and they can give you answers. And what was the name of that movie? She that you liked her some years ago. Her with Scarlett Johansson, so Google already has that, and Apple doesn’t even have Siri. That can do more than like, if I ask Siri questions, like, here’s what I found on the web, kind of, right?
Josh Long 27:49
And open AI has had this for a while with ChatGPT, with its four Oh model, right? This was months ago that they had a very similar feature. In any case, everyone else is kind of doing that. I kind of feel like at some point you’re gonna have to do something like everyone else is doing with the conversational like people want to have a conversation with Siri, a normal, natural conversation, and get answers. That’s been the number one criticism of Siri for years, is that almost anything that you ask it, it says, Here’s what I found on the web for and whatever it was that you tried to ask about Siri, more than anything else, needs an upgrade like that.
Kirk McElhearn 28:29
Okay, check out my article Apple Intelligence, the Complete Guide link in the show notes. It has links to all the other articles we’ve written about the Apple Intelligence features. Update your devices, because this is a big update that we don’t yet know about security updates, as Josh pointed out earlier, we should in a couple of hours until next week. Josh, stay secure.
Josh Long 28:46
All right, stay secure.
Voice Over 28:49
Thanks for listening to the Intego Mac podcast. The voice of Mac security with your hosts, Kirk McElhearn and Josh Long. To get every weekly episode be sure to follow us in Apple podcasts or subscribe in your favorite podcast app, and if you can leave a rating, a like or a review. Links to topics and information mentioned in the podcast can be found in the show notes for the episode at podcast.intego.com. The Intego website is also where to find details on the full line of Intego security and utility software. intego.com.
About Kirk McElhearn
Kirk McElhearn writes about Apple products and more on his blog Kirkville.
He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to , TidBITS, and several other websites and publications.
Kirk has written more than two dozen books, including Take Control books about Apple’s media apps, Scrivener, and LaunchBar.
Follow him on Twitter at @mcelhearn.
View all posts by Kirk McElhearn →