Heartbleed

Hey Zappos customers! As you may have heard already, a serious flaw called
Heartbleed was disclosed on Monday, April 7th in a popular encryption
software named OpenSSL. Our awesome systems and security team had our
systems patched that afternoon. But since then we have received some calls
and emails about this issue and we want to help clarify a few things.

What is it?

You know that lock, or the "https:", you normally look for on websites to
check if your information is protected through encryption? Well, a lot of
websites use OpenSSL to enable that functionality. The flaw gives an
attacker (bad guys) a way to circumvent the encryption. If that happened,
there would be a possibility of them seeing usernames, passwords, and other
sensitive information.

What did we do?

Our systems and security teams patched the vulnerability on Monday
afternoon, shortly after the vulnerability was announced and the patch
came out. And as an added precaution, we've reissued our certificates on
the site. We've reviewed our systems and have found no indications of
malicious activity. We also want you all to know that we rely on a number
of tools to ensure your accounts are protected outside of OpenSSL and
we'll continue to monitor your accounts to ensure they stay safe.

How to verify what we've told you:

Some of our wonderful customers have been struggling to understand how to
determine if we are still vulnerable. And some have said they still see us
as being reported as 'likely' vulnerable on some sites. This is due to the
test being performed against our primary domain name 'www.zappos.com'.
However, the part of the site that uses OpenSSL and contains the sensitive
data is 'secure-www.zappos.com'. When you log in, check your account, and
purchase/checkout our awesome products, these actions are only performed
on that secure domain. Therefore, that's the site you have to check.

As you can see, the secure portion of Zappos.com is properly protected
against the Heartbleed issue on these two sites:
https://lastpass.com/heartbleed/?h=secure-www.zappos.com and
https://filippo.io/Heartbleed/#zappos.com.

If you would like to read more of the technical details of the
vulnerability, please visit this website: www.heartbleed.com

If you have any other questions, please contact us anytime, 24/7!

Thank you!

David H.

ZISO
(Zappos Information Security Officer)


ReCommerce Hack Day Recap

Here's a recap of the first ReCommerce Hack Day back in the fall. Stay tuned for the next one in 2012!

Zappos.com iOS Updates!

Hi folks! We've been keeping busy here in the mobile team and wanted to feature our most recent 2.2 release because it has quite a few enhancements that make this a pretty awesome release for both our iPhone and iPad app. The first thing you'll notice when you download the updated 2.2 release from the App Store is an updated homescreen on the iPhone. We've added some of the look of the regular Zappos.com website, added quicker category browsing and simplified things a bit overall. You'll also notice that when you log in we'll recognize that you're a VIP!

As you start searching and filtering, you'll find that more categories and relevant subcategories are available to you than before. This should make finding what you're looking for much easier. Once you've found that product, take a look at our images; we've included high-res images where you can pinch and zoom to get a better look. Finally, if you want to share this product, we're leveraging iOS 5's native Twitter integration to allow you to tweet an image and link to the product you're viewing (additionally you can share via email or text message).

Definitely a cool release, so what are you waiting for? Get the newest Zappos iPad app HERE! :)

Here's Nolan O'Brien, a mobile engineer on our team, to go over the features in this quick video:

Sincerely,

Alex Kirmse - Mobile Team


ReCommerce Hack Day


A few of us here at Zappos (including members of the API, San Francisco, and FEZ teams) are currently in the works of hosting the first ReCommerce Hack Day on September 16-17, 2011. We're excited to see developers reinvent e-commerce and create some mind-blowing vertical retail experiences. It will be held in sunny Sinicon Valley (aka Las Vegas), and we invite you to come and join our growing tech community!

We'll be providing prizes for Best Overall Application, Most Fun & Weird, and Best Mashup in line with the retail hackathon theme. You don't have to use any specific API for these prizes – choose whichever strikes your fancy and figure out how to WOW us! Additionally, our sponsor partners will be providing prizes for the best use of their specific APIs as well. (If you're interested in sponsorship, please reach out to us at api@zappos.com!)

On Friday night, we'll keep it casual - start out with a few presentations from our partners to hear all about their cool APIs, then we bring out the beer! This is your time to mingle with other hackers and to figure out who you want to work with along with which APIs to use. On Saturday morning, you'll wake up early, drink lots of water to cure your hangover, then start hacking away! We'll be providing food and drinks to keep your energy levels up.

Full details on the schedule and registration can be found on http://recommerceday.com. We're looking for developers, hackathoners, students, retailers, and good ol' API-lovers to join in on the madness! Hope to see you there!


Quickview is Live!

We recently launched a new feature on Zappos.com called Quickview, which allows customers to get a more in-depth look at a product much faster. Darren F. from Zappos Development, Inc. tells us more!