After a lengthy stint in hacker hell, which I recounted in my previous post,"Facebook: I've Been Hacked," I am happy to say that I'm up and running with my original "Donna Antebi" Facebook account, and no longer blasting out promotions for knock-off Nike shoes. While the incident was unfortunate, I learned some valuable lessons about Facebook security that may spare you from ever having to deal with the nightmare that I endured.
After reading my plight on Huffington Post, Fred Wolens, Facebook's Public Policy Manager, actually contacted me and helped recover my original Donna Antebi account. Though Facebook was initially slow to respond (hence my rant on the Huffington Post), once Fred Wolens read my blog, he was extremely helpful. Fred made it clear that Facebook takes hacking very seriously, and is committed to constantly innovating new security procedures. In fact, Facebook has just installed a new security measure to help retrieve accounts that have been cyber-jacked. Simply log-on to www.facebook.com/hacked and click "my account is compromised."
Over the past month -- entirely coincidentally -- I've become involved in a new cyber-security company founded by a former Tactical Intelligence Specialist. His company has developed a security system that goes far beyond encryption to secure data. The technology was tested at Def Con (the hacker convention) last year, and, for the first time ever, not one hacker or team was able to get a single data point.
I am hoping this technology becomes a security game-changer. With that said, I asked my new tech partner to share some advice on preventing a situation like mine from happening to you. Here are three tips that might just save you a whole lot of time and frustration:
1. For those who are as overwhelmed by passwords as I am, he suggests creating this simple code. It will be easy for you to remember and tough for anyone else to crack. Simply create a sentence that's memorable and use the first letter for each word to create a strong password. For example: "I would love 2 dance with George Clooney." That would be: Iwl2dwGC. Or, "I say I am 39 every year." IsIa39ey. Easy for me to remember -- not so easy for a computer program to figure out.
2. Never type Facebook.com. That's right. He says that if a user mistypes a URL, or if some kind of malware has been embedded in the browser, any URL can be maliciously redirected to a fraudulent website, including one that looks just like Facebook. Instead, use one of Facebook's IP address. This is the safest way to go directly to Facebook. Listed below are four which have been specifically assigned to Facebook.
66.220.149.11
66.220.158.11
69.171.224.37
69.171.242.11
Place one of the IP addresses in the box on your browser (where the URL is supposed to go) and hit "Enter" or "Return." The browser will take you to the real Facebook page, because it's going to the IP directly. You'll notice that when you get to the Facebook home page, your URL will magically display "www.facebook.com". According to my tech guru, this is the way people should surf the web. If everyone typed an IP address, instead of the URL, there would be far less successful phishing expeditions going on. That is, until the bad guys figure out new work-arounds.
3. My new partner also says that people should think "S for Security" and get in the habit of typing:
https://www.domainname.com
instead of
http://www.domainname.com
That extra "s" forces your web browser to use SSL or Secure Socket Layer. This encrypts the data from your browser to the server you wish to access, reducing the chances of someone monitoring the data stream from your computer to the web. And, although SSL is an improvement, please note that Man-in-the-Middle (mitm) attacks are on the rise. These are specifically designed to compromise encryption -- a reminder that the bad guys are always devising new ways to usurp SSL.
I hope to reveal the next generation of cyber-security to the fellas in Menlo park in the very near future. Perhaps, when the time comes, I will ask my new BFF, Fred Wolens, the mysterious miracle maker behind the Facebook curtain, if he can help us set up a sandbox at Facebook for testing. Until then, I will continue to imagine Fred as the Mensa twin of George Clooney, with a hint of Channing Tatum. I will let you know.
In the meantime, I will continue to stay on red alert while surfing the Internet. My newfound knowledge of the lurking hidden dangers of surfing online reminds me of the way I felt about swimming after watching the movie Jaws. I still swim in the ocean, but to this day it's never without some degree of fear and trepidation. But thanks to the devious hackers who stole my Facebook, cyber-security solutions have become my new business. Hopefully, with a little luck, this innovative technology will prove to be a solution that will lessen our chances of becoming some Black Hat Hacker's cyber chum.