“Heartbleed” OpenSSL Vulnerability And Hotel & Airline Websites


There was an interesting article on WSJ about a new vulnerability in OpenSSL, a security tool that is used by two-thirds of active websites (including LoyaltyLobby).


OpenSSL is used to secure the transmission of data between your browser and the website. When a website uses SSL, the browser usually displays a green bar by the URL.

You can read more about this on WSJ’s website here and here.

Here are the tidbits from the WSJ article:

The bug exploits a problem in certain versions of OpenSSL, a free set of encryption tools used by much of the Internet. OpenSSL is managed by four core European programmers, only one of whom counts it as his full-time job. The limited resources behind the encryption code highlight a challenge for Web developers amid increased concern about hackers and government snoops.

Websites increasingly use encryption to mask data such as usernames, passwords and credit-card numbers. That prevents a hacker lurking at a coffee shop from grabbing personal information out of the air as it travels to a wireless router. This type of encryption is called SSL, or secure sockets layer, or TLS, or transport layer security. When a website is using these forms of encryption, a padlock appears with the Web address in a browser.

Web servers that use the affected versions of the code store some data unprotected in memory. Hackers can grab that data, and reconstruct information about users or keys that would allow them to monitor past or future encrypted traffic.

“Anyone can reach out to the Internet and scoop out of the data,” said Thomas Ptacek, a researcher at Matasano Security in Chicago. “I can be in my office here. I can be in Estonia.”

Writing encryption code is complex, so many website operators tap OpenSSL, which is free. It was created in the late 1990s by developers who wanted an easy-to-use encryption scheme for Internet traffic. Its website is bare bones, as are its finances.

Hilton: Good


Hyatt: Good


IHG: Good


Marriott: Good


Starwood: Good


American Airlines: Good


Delta: Good


United: Good


Southwest: Good


Air Canada: Good


And then LoyaltyLobby.com: Failed


Ouch! Note that this would only affect our own logins, as we don’t store any visitor data on LoyaltyLobby.com and don’t require anyone to sign up to be able to read the articles.

Edit: LoyaltyLobby Good


It took less than five minutes to fix the issue and get the grade from F to A. Not sure why these hotels/airlines won’t fix their sites?

Conclusion

Seems that nothing on the internet is secure at the end of the day. You are supposed to use individual complicated passwords for every website that you use, but how many of us do that? There are only so many passwords that you can actually remember.

Personally, I have come to the conclusion that there is nothing secure on the internet considering all the recent data breaches and now this SSL vulnerability.
