There was an interesting article in the WSJ about this new vulnerability in the OpenSSL security tool, which is used by two-thirds of active websites (including LoyaltyLobby).
OpenSSL is used to secure the transmission of data between your browser and the website. When a website uses SSL, the browser usually displays a green bar on the URL.
Here are the tidbits from the WSJ article:
The bug exploits a problem in certain versions of OpenSSL, a free set of encryption tools used by much of the Internet. OpenSSL is managed by four core European programmers, only one of whom counts it as his full-time job. The limited resources behind the encryption code highlight a challenge for Web developers amid increased concern about hackers and government snoops.
Websites increasingly use encryption to mask data such as usernames, passwords and credit-card numbers. That prevents a hacker lurking at a coffee shop from grabbing personal information out of the air as it travels to a wireless router. This type of encryption is called SSL, or secure sockets layer, or TLS, or transport layer security. When a website is using these forms of encryption, a padlock appears with the Web address in a browser.
Web servers that use the affected versions of the code store some data unprotected in memory. Hackers can grab that data, and reconstruct information about users or keys that would allow them to monitor past or future encrypted traffic.
“Anyone can reach out to the Internet and scoop out of the data,” said Thomas Ptacek, a researcher at Matasano Security in Chicago. “I can be in my office here. I can be in Estonia.”
Writing encryption code is complex, so many website operators tap OpenSSL, which is free. It was created in the late 1990s by developers who wanted an easy-to-use encryption scheme for Internet traffic. Its website is bare bones, as are its finances.
American Airlines: Good
Air Canada: Good
And then LoyaltyLobby.com: Failed
Ouch! Note that this would only affect our own logins, as we don’t store any visitor data on LoyaltyLobby.com and don’t require anyone to sign up to be able to read the articles.
Edit: LoyaltyLobby Good
It took less than five minutes to fix the issue and get the grade from F to A. Not sure why these hotels/airlines won’t fix their sites.
Seems that nothing on the internet is secure at the end of the day. You are supposed to use individual complicated passwords for every website that you use, but how many of us do that? There are only so many passwords that you can actually remember.
Personally, I have come to the conclusion that there is nothing secure on the internet, considering all the recent data breaches and now this SSL vulnerability.