THE CENZIC BLOG

What's New

Recent Web application security news from Cenzic

January 24, 2012
Read more articles in Web Application Security Insights

Security as Customer Service: The Zappos Hack Starts the Conversation

If you know there is more you should be doing to protect against hacking, you're never going to get a better reason to bring this up than Zappos, the reigning customer service monarch, just gave you.

When was the last time you, or anyone handling digital security at your company, was invited to a meeting about customer service? How many times have you been asked how you can improve the customer experience? How often are your anti-hacking efforts cited as one of the ways your company is customer-first?

If your company isn't truly customer-centric, the answers are likely never, zero and not ever. Even companies that live and breathe customer service don't always equate anti-hacking measures with happy, returning customers.

But that might have changed after online shoe store Zappos was hacked last week, resulting in a data breach affecting 23 million of its customers. The CEO sums it up well. "We've spent over 12 years building our reputation, brand and trust with our customers," CEO Tony Hsieh said in a blog statement. "It's painful to see us take so many steps back due to a single incident."

Could they have prevented it? Were they lax? Was security part of their culture, just not publicly discussed so as not to become a target? I don't know. We may never know. But if your company hasn't asked your security team these questions, it should. And if you know there is more you should be doing to protect against hacking, you're never going to get a better reason to bring this up than Zappos, the reigning customer service monarch, just gave you.

Sure, they'll survive; after more than a decade of fabulous customer service (purportedly 75%+ of their sales are from returning customers) they should have enough goodwill to not lose much for long. But what about your company? How many of your sales are from returning customers? What would a customer data breach do to their loyalty?

How we treat customer data is part of how we treat the customer. It isn't the first thing your CEO might ordinarily think of, or the CMO or the head of the call center. But it might be in their top 10 for the next few days. Take advantage of it.

by

John Weinschenk, President and CEO of Cenzic


December 13, 2011
Read more articles in Web Application Security Insights

How to Hack a Website – Recording & Slides

Get the recording and slides to our very popular webinar, “How to Hack a Website”

For those of you who couldn't attend our live webinar last month on How to Hack a Website featuring Ira Winkler, there is good news. We have the recording and the slides for anyone interested.

And because we like to reward our faithful blog readers, you won't have to fill out the traditional web form to get the information. Just email me (see below) requesting the links, along with your full contact information.

Details about the Webinar Recording

About the presenter:
Ira is a world-renowned security professional and former NSA security analyst. He'll give an overview of well-known case-study companies that have been hacked and ways to avoid their mistakes. By learning what hackers do to gain valuable information from your website, you'll be better equipped to secure it.

You will learn:

• How to determine if you've been hacked (or are more susceptible than average)
• Simple, intermediate, and advanced hacking techniques
• Easy ways to remediate such problems
• Key take-away items for future best practices

by
Angel Oberoi, Marketing
Angel@cenzic.com


December 12, 2011
Read more articles in Cenzic SmartAttack Updates for Web Vulnerabilities

Cenzic Detects a PHP Vulnerability for Improved Website Security

Weekly website security update: PHP vulnerability detected

As of December 12, 2011 Cenzic can now detect a PHP Calendar Extension 'SdnToJulian()' Remote Integer Overflow Vulnerability (BugTraq ID 46967) in the Web Server Vulnerabilities SmartAttack (Category: Best Practices).

PHP is prone to an integer-overflow vulnerability in the calendar extension because SdnToJulian() does not bound the serial day number it receives before doing arithmetic on it. Successful exploits of this vulnerability allow remote attackers to execute arbitrary code in the context of the affected web server; failed attempts will likely result in denial-of-service conditions. Versions prior to PHP 5.3.6 are vulnerable.
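To make the advisory's point concrete, here is an added C illustration. It is not PHP's ext/calendar source and not Cenzic's code: it re-creates a serial-day-number (SDN) to Julian-calendar conversion with the same arithmetic shape, (sdn + offset) * 4 - 1, first probing whether that intermediate overflows for a given sdn and then guarding the conversion with an explicit upper bound on sdn, which is the check the advisory says is missing. The constants, the SDN_MAX_SAFE bound, the sdn_to_julian()/sdn_intermediate_overflows() names and the GCC/Clang __builtin_*_overflow helpers are this example's assumptions.

```c
#include <limits.h>
#include <stdio.h>

/* Constants of the usual SDN -> Julian-calendar conversion (assumed for this
 * example; the structure mirrors what the advisory describes, but this is an
 * added illustration, not PHP's ext/calendar source). */
#define JULIAN_SDN_OFFSET 32083L
#define DAYS_PER_5_MONTHS 153
#define DAYS_PER_4_YEARS  1461

/* Largest sdn for which (sdn + JULIAN_SDN_OFFSET) * 4 - 1 still fits in a long.
 * LONG_MAX / 4 rounds down, so the product can never exceed LONG_MAX. */
#define SDN_MAX_SAFE (LONG_MAX / 4 - JULIAN_SDN_OFFSET)

/* Reports whether the unguarded intermediate would overflow for this sdn.
 * Uses GCC/Clang builtins so the probe itself never triggers undefined
 * behaviour (signed overflow is UB in C, so you cannot just "try it"). */
int sdn_intermediate_overflows(long sdn)
{
    long sum, prod;
    if (__builtin_add_overflow(sdn, JULIAN_SDN_OFFSET, &sum)) return 1;
    if (__builtin_mul_overflow(sum, 4L, &prod)) return 1;
    return 0;
}

/* Hardened conversion: rejects sdn values outside the range the arithmetic
 * can represent instead of computing on a wrapped value. Returns 0 on
 * success and -1 (with zeroed outputs) when sdn is rejected. */
int sdn_to_julian(long sdn, long *year, int *month, int *day)
{
    long temp, y;
    int day_of_year, t, m, d;

    *year = 0; *month = 0; *day = 0;
    if (sdn <= 0 || sdn > SDN_MAX_SAFE)
        return -1;                           /* the bound check that must exist */

    temp = (sdn + JULIAN_SDN_OFFSET) * 4 - 1; /* cannot overflow: sdn <= SDN_MAX_SAFE */

    /* Year and day of year (1..366) in the March-based cycle. */
    y = temp / DAYS_PER_4_YEARS;
    day_of_year = (int)((temp % DAYS_PER_4_YEARS) / 4 + 1);

    /* Month and day of month, counting from March. */
    t = day_of_year * 5 - 3;
    m = t / DAYS_PER_5_MONTHS;
    d = (t % DAYS_PER_5_MONTHS) / 5 + 1;

    /* Shift back to a January-based year. */
    if (m < 10) {
        m += 3;
    } else {
        y += 1;
        m -= 9;
    }

    /* Astronomical year numbering: year 0 becomes 1 B.C. */
    y -= 4800;
    if (y <= 0)
        y--;

    *year = y; *month = m; *day = d;
    return 0;
}

int main(void)
{
    /* Constructed probes: a known date, the last safe sdn, the first unsafe one,
     * and the largest value a caller could hand over. */
    long probes[] = { 2299160L, 2451545L, SDN_MAX_SAFE, SDN_MAX_SAFE + 1, LONG_MAX };
    long y;
    int m, d;

    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int rc = sdn_to_julian(probes[i], &y, &m, &d);
        printf("sdn=%ld intermediate_overflows=%d rc=%d date=%ld-%02d-%02d\n",
               probes[i], sdn_intermediate_overflows(probes[i]), rc, y, m, d);
    }
    return 0;
}
```

SDN 2299160 is 4 October 1582 (the last Julian date before the Gregorian switch) and SDN 2451545 is 19 December 1999 Julian, so the arithmetic can be sanity-checked against a calendar. The point of the guard is the last two probes: once sdn exceeds SDN_MAX_SAFE the intermediate wraps, and a conversion that carries on regardless yields month and day values that are no longer guaranteed to lie in 1..12 and 1..31, which is exactly what any downstream code that indexes a table by month or day relies on.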

Background on Cenzic’s SmartAttacks
Every week, Cenzic's suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but are not limited to) cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other attack types.

by
Erin Swanson, Marketing
Eswanson@cenzic.com


December 05, 2011
Read more articles in Cenzic SmartAttack Updates for Web Vulnerabilities

Cenzic Detects a PHP Vulnerability for Improved Website Security

Weekly website security update: PHP vulnerability detected

As of December 5, 2011 Cenzic can now detect a PHP 'Zip' Extension 'zip_fread()' Function Denial of Service Vulnerability (BugTraq ID 46975) in the Web Server Vulnerabilities SmartAttack (Category: Best Practices).

PHP is prone to a remote denial-of-service vulnerability in the 'Zip' extension. Successful attacks will cause the application to crash, creating a denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed. Versions prior to PHP 5.3.6 are vulnerable.

SmartAttack Updates (6.5, 6.6 and 6.8)

  • Platform Path Disclosure
    This SmartAttack has been enhanced to remove some false positive findings.


by
Erin Swanson, Marketing
Eswanson@cenzic.com

