(Photo: Labnol.org)

You may have heard the devastating news that The New York Times has finally plugged the famous paywall loophole that allowed users to access more than their monthly allotment of articles. Once you used up your 10 free articles for the month, you could just delete the "?gwh=numbers" part of the URL to easily and freely access the story.

Sadly, the Times confirmed that they've officially put the kibosh on this notorious workaround. "We have made some adjustments and will continue to make adjustments to optimize the gateway by implementing technical security solutions to prohibit abuse and protect the value of our content," Times spokesperson Eileen Murphy told New York Mag.

Lucky for you, there are still several workarounds you can employ in order to access premium content without paying for a subscription--but don't say we forced you to take the cheap way out.

1. Google the headline 

This also works for the Wall Street Journal paywall. Google the headline and click through from the Google search results page and you should be able to read the story.

2. Use an incognito window in Chrome

Incognito windows let you browse the web privately. Since cookies are deleted each time you close the window, you should be able to access stories to your heart's content.

3. Search for the link on Twitter

Copy and paste the link into a Twitter search and click through to the story from Twitter. Stories accessed via social media don't count towards your article limit.

4. Use the NYClean bookmark

The NYClean bookmark is an easy way to skirt the paywall. When you hit a paywalled story, just click the bookmark and it unblocks the story for you. Magic!

5. Quit complaining and pony up the $15/month for quality journalism

Nobody likes to hear this option, but there is a reason the Times is the paper of record. Digital subscriptions for unlimited access to content on NYTimes.com and the NYTimes app cost $15/month.

(Screencap: Twitter)

Anonymous announced its intention to "destroy" Westboro Baptist Church this weekend following news that the group would be picketing the funerals of children who died in Friday's horrific school shooting in Newtown, Connecticut. Now, infamous 15-year-old hacker Cosmo the God of the Underground Nazi Hacktivist Group (UGNazi) appears to have joined the fray. The Twitter account of much-reviled Westboro spokesperson Shirley Phelps-Roper has been hacked, and Cosmo is claiming responsibility. Ms. Phelps-Roper is the daughter of Fred Phelps, who is the head of the WBC.

Cosmo and the UG Nazi crew gained notoriety over the past year for hacking sites like 4chan, NASDAQ and CIA.gov, many of which they say were in protest of SOPA. Cosmo himself, who lives in Long Beach and turns 16 in March, is a famed teen hacker, and just last month was sentenced in juvenile court for felonies such as credit card theft and online impersonation. Placed on probation until his 21st birthday, Cosmo isn't allowed to use the Internet without consent from a parole officer or have any contact with members of Anonymous or UG Nazi.

If it's really him, clearly these actions against WBC would violate his parole. "COSMO? Cosmo THE GOD?" reads one tweet he retweeted. "I think this might be a violation of your parole, brah. #soworthit." Of course, there's a chance it's not actually him, and instead another hacker belonging to the UG Nazi crew or otherwise; we've reached out to Cosmo for confirmation.

Anonymous also continues its onslaught against WBC, with hacks ongoing throughout the night. One source within the collective told Betabeat that many Anons are considering showing up in Newtown as a counter-protest to WBC.

Update:

Cosmo has hacked another Westboro account, @WBCFredJr. Anonymous says they have also hacked into WBC's emails.

Screengrab

Samsung's clever merging of a tablet-like operating system with a conventional TV to create "smart TVs" seems pretty cool, but device developers may have forgotten a pretty crucial detail for a major household appliance connected to the web--security.

Malta-based security researchers ReVuln found a creepy vulnerability in Samsung Smart TVs that could lead to a particularly invasive form of hacking. They detailed for The Security Ledger just how spooky things could get if hackers take advantage of the problem:

It could give an attacker the ability to access any file available on the remote device, as well as external devices (such as USB drives) connected to the TV. And, in a Orwellian twist, the hole could be used to access cameras and microphones attached to the Smart TVs, giving remote attacker the ability to spy on those viewing a compromised set.

The Security Ledger mentions Skype cameras sold as accessories for the Smart TV as an example of equipment that could be used to spy on victims as they sit placidly eating popcorn and watching Netflix. They also point out that Smart TVs don't have security at the moment, not even a basic firewall.

Barring access to Skype cameras, a hacker could at the very least use access to a compromised Smart TV to steal data used on social networks, such as login names and more importantly, passwords.

ReVuln has created a video demonstrating the problem, which you can watch below. They didn't hesitated to double down on the unsettling nature of the security hole, titling the video, "The TV is watching you."

The IAEA logo.

The International Atomic Energy Agency (IAEA) reported a striking security breach Tuesday, admitting that hackers had stolen information from one of its servers and published it online.

According to Reuters, a group with "an Iranian-sounding name" published the information and requested a probe into Israel's nuclear program.  The IAEA is already wary of Iran's nuclear ambitions.

Reuters reports the theft may not have compromised much in the way of confidential data:

A Western diplomat said the stolen data was not believed to include information related to confidential work carried out by the IAEA. One of the agency's tasks is preventing the spread of nuclear weapons.

The hackers who posted the info call themselves Parastoo (the Persian name for birds known as swallows in English) and naturally enough they used Pastebin.

In the Pastebin post Parastoo wrote that this was their first such message and the public would be "hearing game changing news" from them frequently in the future. After publishing a list of email addresses  lifted from the IAEA's server in Vienna, Parastoo asked the owners of the addresses to sign a petition to request a closer look at nuclear activities in the city of Dimona, which is home to Israel's Negev Nuclear Research Center.

Parastoo seemed to reassure the IAEA that the hack was performed merely to get the agency's attention, writing that the IAEA's "critical information is safe with us(,) as we are brothers."

They closed with an apparent warning to Israel that doubled as a nod to Anonymous: "You are not Anonymous. Expect us."

The Muslim Cyber Fighters who DDoSed several American banks in October have insisted their project, which they called "Operation Ababil," was not sponsored by the government of Iran.

"Ababil" is an Arabic word for the same bird called "parastoo" in Persian--the swallow. There are references to the swallow in the Qu'ran, including "The Story of the Companions of the Elephants," in which a flock of birds carrying stones attack soldiers and elephants, killing them.

So--it's possible that these hacker references to swallows are just coincidence. Unless hackers have also begun to grow wings.

Yahoo! (Getty)

Security expert Brian Krebs dropped a bomb on Yahoo email users last week, though his warning was probably lost in the roar of stories about Black Friday fistfights. According to Mr. Krebs, an Egyptian hacker using the screen name TheHell is selling a Yahoo Mail exploit that could allow an attacker to take over and control a victim's email and browser activity. TheHell is only charging $700 for the information.

TheHell uploaded a video demonstration to prove he was serious. Mr. Krebs reproduced the video, which you can watch below.

According to Mr. Krebs, the hacker implied his $700 asking price was a bargain:

"I'm selling Yahoo stored xss that steal Yahoo emails cookies and works on ALL browsers," wrote the vendor of this exploit, using the hacker handle 'TheHell.' "And you don’t need to bypass IE or Chrome xss filter as it do that itself because it’s stored xss. Prices around for such exploit is $1,100 – $1,500, while I offer it here for $700. Will sell only to trusted people cuz I don't want it to be patched soon!"

Yahoo's security director, Ramses Martinez, told Mr. Krebs that fixing the exploit itself isn't too hard--the problem is finding the weak Yahoo URL that allows the hacker to take control.

"Once we figure out the offending URL," said Mr. Martinez, "we can have new code deployed in a few hours."

Mr. Krebs noted that Yahoo doesn't pay hackers who notify the company about vulnerabilities like this. Several other companies do, Mr. Krebs writes, "including Facebook, Google, Mozilla, CCBill and Piwik."

As for ensuring you don't fall prey to such a hack, always engage extreme caution when opening emails containing links, especially if they come from unfamiliar sources. Like guys who call themselves TheHell, for instance.

Many media outlets reported a possible PayPal hack as well, however PayPal issued a denial, stating they had no evidence of a breach.

Additionally, credit for the Symantec hack may go to a hacker or group of hackers called HTP, not the larger de-centralized mass of Anons.

The ImageShack hack appears pretty comprehensive. In a Pastebin post of ImageShack data, the hackers wrote that "ImageShack has been completely owned, from the ground up. We have had root and physical control of every server and router they own. For years." The data dump included pages of code, email addresses and encrypted passwords.

In addition to the hacks, Anonymous is re-enacting the final scene from the movie V for Vendetta, from which the group was inspired to adopt its now-iconic Guy Fawkes mask. The peaceful action is taking place in Trafalgar Square in London. On the Facebook page for the event, Anonymous writes that the event "is the centrepiece of a worldwide Anonymous operation of global strength and solidarity, a warning to all governments worldwide that if they keep trying to censor, cut, imprison, or silence the free world or the free internet they will not be our governments for much longer. Change is coming."

Anonymous includes an important disclaimer at the bottom of the page: "We will NOT blow up Parliament." A long-standing rumor that Anonymous would target Facebook today is also false:

Again... regarding the Facebook attack... it's FAKE! #kthx

— Anonymous Press (@AnonymousPress) November 5, 2012

So Parliament and Facebook are both safe, but our favorite photo websites circa 2005? Not so much.

SpaceX's Dragon. Probably won't fall on you. (SpaceX.com)

An alarming report in The Independent may serve as a warning to satellite operators and a challenge to hackers: cyber security experts attending a conference in the United Kingdom say our satellites face more dangers than ever, including hijacking and sabotage by skilled and malicious hackers.

The Independent's Jerome Taylor reports that experts attending the Royal United Services Institute for Defense and Security Studies conference believe the world's dependence on space-based tech could render many "acutely vulnerable":

"It is a real issue and a real vulnerability," explained Mark Roberts, a former space and cyber expert at the Ministry of Defence who has recently moved to the private sector. "What we are doing is making ourselves more vulnerable to attack than we had been formerly. My personal view is that a day without space is not going – as some people say – to send us back to the dark ages. It's more likely to put us back into the 1960s."

Experts add that the possibility of entire satellite networks being knocked offline or otherwise compromised can be added to existing dangers that include solar flares, space junk and overcrowding.

Space may be vast and endless, but as The Independent notes, the space immediately above the Earth's atmosphere is actually growing smaller by the day as new satellites jostle for room to do their jobs beaming streams of data back to their home stations.

The Independent's report closes with a brief inventory of just what's floating above our heads every day, waiting for a collision, meteor or especially clever signal hacker to bring it down:

6,500 The number of satellites that have been sent up since Sputnik.

400,000 The number of pieces of debris smaller than 10cm in orbit.

994 The number of operational satellites orbiting Earth.

3,000 The total number of satellites orbiting Earth (including those that are now defunct).

16,000 The number of pieces of debris larger than 10cm orbiting Earth in the area where most satellites are based.

As the U.K. paper notes, one of the most crucial uses for satellites now is GPS location services, so a rational caution for anyone worried about a sudden loss of turn-by-turn directions might want to reconsider tossing the old travel maps drying to dust in the trunk.

Regarding the 400,000 bits of debris smaller than 10 cm, we also recommend you carry an umbrella.

screengrab

Team GhostShell returned late Monday with Project WestWind: a leak of 120,000 records from 100 major universities around the world.

Team GhostShell is the hacking group behind Project Hellfire, which launched in August this year. Project Hellfire lifted 1 million accounts from 100 websites around the world, compromising data from the CIA and from Wall Street.

The hacked data leaked in Project WestWind does indeed appear to come from a who's who of major learning institutions. They include Harvard, Cambridge, Princeton, Tokyo University, Cornell and New York University.

In their Pastebin announcement, Team GhostShell said Project WestWind was a serious effort to jump-start a dialogue on the state of higher education today. Apparently this hack wasn't pranksterism for the lulz, but hacktivism for the greater good:

We wanted to bring to your attention different examples from Europe, how the laws change so often that even the teachers have a hard time adjusting to them, let alone, the students, to the US, where tuition fees have spiked up so much that by the time you finish any sort of degree, you will be in more debt than you can handle and with no certainty that you will get a job, to Asia, where strict & limited teachings still persist and never seem to catch up with the times and most of the time fail to prep you up for a world where foreign affairs are crucial in this day and age.

The hackers ask that others use the information as a conversation starter, team member DeadMellox writing:

You don't have to talk about it with us, what's important is that you bring up the subject 'today's education' in day-to-day conversations with your family, friends, people close to you and try to understand the system better, together. How it works, how a certain type of diploma can or cannot help you in your road to the career you want to pursue.

Though Team GhostShell's data dump contains user screen names and mostly hashed passwords (Betabeat examined one file in which some of the passwords were apparently cracked), they claim they've kept the leaked records to a minimum.

Team GhostShell issued a warning to the targeted institutions regarding the states of their networks: "When we got there, we found out that a lot of them have malware injected. No surprise there since some have credit card information stored."

Betabeat has reached out to a web network administrator at one of the hacked universities for comment and will update this post if we receive a response.

Get off the phone, CEO guy. (flickr.com/perspective)

Attendees at the EuSecWest-sponsored World Security Professional Summit in Amsterdam are participating in a contest called Mobile Pwn2Own. Contestants are, yes, basically revealing that our mobile devices can be easily pwned by someone with the know-how. Quell your bubbling phone fanboy or fangirl rage right now: it looks like both Androids and iPhones are vulnerable. The Next Web describes the Android pwnage, which was partially done, by the way, via near-field communication, or NFC:

The 0day exploit was developed by four MWR Labs employees (two in South Africa and two in the UK) for a Samsung Galaxy S 3 phone running Android 4.0.4 (Ice Cream Sandwich). Two separate security holes were leveraged to completely takeover the device, and download all the data from it.

The first, a memory corruption flaw, was exploited via NFC (by holding two Galaxy S 3s next to each other) to upload a malicious file, which in turn allowed the team to gain code execution on the device. The attack isn’t limited to NFC though; it can also be abused via other attack vectors, such as malicious websites or email attachments.

A second malware infiltration gave attackers complete control over the Galaxy S 3. They gained the ability to transfer whatever data they wanted--emails, texts, photos--to wherever they wanted. The Next Web reports MWR Labs will publish a detailed blog post about the hacks only after the vulnerabilities have been eliminated.

The Dutch researchers who found a vulnerability in the iPhone 4S pursued the exploit because they felt the Apple product was a hard target. ZDNet reports on their exploit:

The hack, which netted a $30,000 cash prize at the mobile Pwn2Own contest here, exploited a WebKit vulnerability to launch a drive-by download when the target device simply surfs to a booby-trapped web site.

"It took about three weeks, starting from scratch, and we were only working on our private time," says Joost Pol [...], CEO of Certified Secure, a nine-person research outfit based in The Hague. Pol and his colleague Daan Keuper used code auditing techniques to ferret out the WebKit bug and then spent most of the three weeks chaining multiple clever techniques to get a "clean, working exploit."

The researchers couldn't get everything a real hacker might be after. They managed to snag contacts, photos and videos and web-surfing data, but SMS and email records were too deeply encrypted to reach.

Mr. Pol and Mr. Keuper say the WebKit bug can be found in iOS 6 as well.

Mr. Pol also noted that if someone wanted to use the exploit "in the wild," they could perhaps embed it in ad networks, which would be dangerous to all unwitting mobile web surfers.

Mr. Pol also sounded a warning every mobile user should hear, regardless of brand affiliation, telling ZDNet that CEOs "should never be doing email or anything of value on an iPhone or a BlackBerry."

Yahoo! (Getty)

That was fast. In mid-July hackers calling themselves "the D33Ds Company" gave Yahoo a spanking for lax security by posting the login information of some of the 453,000 mostly unpaid bloggers working for Yahoo and Associated Content's contributor network. Less than a month later, we've got the first class-action lawsuit related to the breach.

New Hampshire resident Jeff Allan is the named plaintiff in the case. In papers filed July 31 in a U.S. District Court in Northern California, attorneys detailed how Mr. Allan discovered his information was compromised:

Within days of the breach, Mr. Allan received an alert of account fraud on his eBay account, which used the same login credentials as disclosed in the Yahoo breach. Mr. Allan does not know what other information the hackers and others have gathered about
him.

The lawsuit also quotes IT security expert Jason Rhykerd. Addressing the SQL injection hack that grabbed the info from Yahoo's database, Mr. Rhykerd said the "amount of network traffic this attack would have generated should of (sic) set off the lightest of [intrusion detection system] rules."

The suit's "Prayer for relief" indicates Mr. Allan is seeking unspecified damages for himself and anyone else affected by Yahoo!'s "negligence."

Between this suit and the exodus of high-ranking staffers, new CEO Marissa Mayer may well be offering up some prayers of her own.