Diigo Community - security | Diigo Group Forum

Hacker

Tue, 13 May 2008 05:54:17 -0000

bugs |critical |security | post by digiqr on 2008-05-13

http://www.diigo.com/profile/bobschriver - Attempts to inject Javascript into Diigo - fix it ASAP!
post by digiqr on 2008-05-13
Still no fixes? :-(
post by digiqr on 2008-05-13
Yea, that is pretty bad. Should have been fixed as soon as it was read.
Mr. DiGi wrote:
> Still no fixes? :-(
post by seanbrady on 2008-05-14
A tool bar broken and this event may seem that the people responsible for Diigo is not caring enough for their users. Diigo is in its best moment and it is important to keep moving in the right direction.

Sean Brady wrote:
> Yea, that is pretty bad. Should have been fixed as soon as it was read.
> Mr. DiGi wrote:
> > Still no fixes? :-(
post by digizen on 2008-05-14
We are looing into it and will fix it soon.
post by joel on 2008-05-14

Save Elsewhere should use SSL security

Sun, 13 Apr 2008 12:51:10 -0000

security | post by ezqimo on 2008-04-13

After the update to the recent toolbar version, I lost the connections to the external services that I automatically bookmark to when adding bookmarks to Diigo. I see that the page where I can re-enter the login information does not use SSL, which is a pity. Can that be set to use SSL by default? Technically speaking I dont know if that page actually uses SSL security, as the status bars etc. does not show, but the title states "HTTP://..." which is an indication that the passwords will not be transferred securely.

For all the people using public Wi-Fi networks nowadays, this page should definetely be secure (and please dont just change the visible tag...;-)). I think that the status bar should be visible in that window so that it is possible to verify that security is used by checking the (then) visible lock symbol.
post by ezqimo on 2008-04-13
Thanks for your suggestion. We will add it soon.
post by joel on 2008-04-13
Https is available now.
post by joel on 2008-04-17

gmail comment

Thu, 13 Mar 2008 14:23:12 -0000

gmail |security | post by bmassey on 2008-03-13

I got this Diigo note on March 12 dated Feb 22 from "locative" stating "Hi, I've got access to your gmail interface, jojojo...". Naturally, I've now got to uninstall diigo to close what looks like a security hole.

Here's the screen shot:
http://www.masseytexas.com/temp/GoogleAccessMessage.png

locative is a member ofdiigo and contributor to this forum.

Anyone else have this happen?

--Brian
post by bmassey on 2008-03-13
Hi Brian,

I can't access to your URL. So, I can't guess your trouble. Please tell us more information. I believe it is not relate to this group member, just 'spoofing' or like that.

Mah
post by mahsaito on 2008-03-13
Hi Brian,

Thanks for your post. First, please rest assured that there is no security issue here whatsoever at all-

The comment you saw was just a general public sticky note comment to a URL ( here is http://mail.google.com/mail/) and nothing more. Neither diigo team members nor diigo users can access your gmail information.

Jose wrote a "joking" message & it's not quite appropriate; thus this kind of misunderstanding. He's a great user, so I'm sure it was not "intentional".... We're sorry about any concern that this may have caused.

This is what we consider "junk/spam" message, and we certainly encourage users' active reporting of inappropriate public comments, so we can all do our part to keep the diigo community free of junk / spam. .

By the way, we have removed that public comment.
post by maggie_diigo on 2008-03-13
Maggie,

Thanks. Sorry for the broken link.

Diigo's great.

--Brian

maggie_diigo wrote:
> Hi Brian,
>
> Thanks for your post. First, please rest assured that there is no security issue here whatsoever at all-
[snip]
post by bmassey on 2008-03-14