Community Discussions and Support
GMAIL "Potential Security Problem"

Quick follow up:  the gmail problem has, ehh, disappeared, stopped?!   No software has been installed or removed.  I have done nothing since my last post.  I have no clue what happened here.  Be well.

Quick follow up:  the gmail problem has, ehh, disappeared, stopped?!   No software has been installed or removed.  I have done nothing since my last post.  I have no clue what happened here.  Be well.

Hello everyone,

Within the last week or so --- beginning about 14Jul14?, when auto checking my two gmail accounts, Pegasus has put up this message:

Banner:  Security Warning - certificate fingerprint mismatch

Title: Potential Security Problem.

 Whether I click the presented "Help" or "Update and continue" buttons, the message disappears and the autochecking completes.  No Help is displayed. I do receive the gmail emails.

Just to check what would happen, I changed from my "default" Pegasus identity (Verizon) to each of my Gmail identities and did selective mail checks.  If sufficient time had elapsed, Gmail's "memory" reset such that I got the same Security Warning for each account.  If I did these identity changes and selective mail checks too soon after clicking Help or Continue, the Warning did not appear.

I do not know whether the following is a related issue .

Trying to figure out what is going on, I tried and failed to web access the gmail accounts through Firefox.  Google put up a message that my "browser seems to have cookies disabled."  As far as I can tell, this is false for both my firewall and my Firefox.  Just to be sure, I changed my Firefox settings to actually request tracking in addition to enabling third-party cookies for the session.  No access continued.

So,

- mismatch halts gmail check through Pegasus

- ignore mismatch downloads gmail

- same gmail login but through Firefox fails.

Ever heard of this?  Solutions?

Thanks.

<p>Hello everyone, </p><p>Within the last week or so --- beginning about 14Jul14?, when auto checking my two gmail accounts, Pegasus has put up this message:</p><p>Banner:  Security Warning - certificate fingerprint mismatch</p><p>Title: Potential Security Problem.</p><p> Whether I click the presented "Help" or "Update and continue" buttons, the message disappears and the autochecking completes.  No Help is displayed. I do receive the gmail emails.</p><p>Just to check what would happen, I changed from my "default" Pegasus identity (Verizon) to each of my Gmail identities and did selective mail checks.  If sufficient time had elapsed, Gmail's "memory" reset such that I got the same Security Warning for each account.  If I did these identity changes and selective mail checks too soon after clicking Help or Continue, the Warning did not appear. </p><p>I do not know whether the following is a related issue .</p><p>Trying to figure out what is going on, I tried and failed to web access the gmail accounts through Firefox.  Google put up a message that my "browser seems to have cookies disabled."  As far as I can tell, this is false for both my firewall and my Firefox.  Just to be sure, I changed my Firefox settings to actually <i>request</i> tracking in addition to enabling third-party cookies for the session.  No access continued.</p><p>So, </p><p>- mismatch halts gmail check through Pegasus</p><p>- ignore mismatch downloads gmail</p><p>- same gmail login but through Firefox fails.</p><p>Ever heard of this?  Solutions?</p><p>Thanks. </p>

I could be that you have certificate fingerprint tracking enabled and Gmail has changed their certificate.  That setting is in the Security tab of the POP3 host configuration.  The solution may be as simple as deleting the current certificate and accepting the new one but I am not certain about that.  The help file might offer some insight on how the certificate fingerprint tracking works and how to update one.

As for not being able to login to Gmail, I can confirm that if cookies are disabled in FF you will receive the "Oops!  Your browser seems to have cookies disabled..." message.  If the "Accept cookies from sites" option is enabled in FF then check the exceptions for a block that is causing the problem.  Also, try logging in to Gmail with IE.  If you can then you know for sure that you have a problem in FF.


 

<p>I could be that you have certificate fingerprint tracking enabled and Gmail has changed their certificate.  That setting is in the Security tab of the POP3 host configuration.  The solution may be as simple as deleting the current certificate and accepting the new one but I am not certain about that.  The help file might offer some insight on how the certificate fingerprint tracking works and how to update one. </p><p>As for not being able to login to Gmail, I can confirm that if cookies are disabled in FF you will receive the "Oops!  Your browser seems to have cookies disabled..." message.  If the "Accept cookies from sites" option is enabled in FF then check the exceptions for a block that is causing the problem.  Also, try logging in to Gmail with IE.  If you can then you know for sure that you have a problem in FF. </p><h1> </h1><p> </p>

Genius!! 

 

Thank you, bfluet, but...

I had thought you 99.9% correct. 

I do have fingerprint tracking enabled. Following your advice, I deleted the certificate Pegasus had in place for Google.  Deletion resulted in a blank field which I checked after saving the configuration by opening it up again and seeing the blank.  I then queried for new mail. Smooth as silk.  Then I reopened Pegasus's Security and there was the certificate.  Funny thing.  It is exactly the same character sequence.  Before deleting, I had copied the sequence into Jarte.  After mail retrieval, I copied the certificate ID again because inspection of the very long sequence seemed to show it as the same.  Copying into Jarte directly under the "old" sequence showed them to be identical!

There is something peculiar about my installation of Pegasus, I guess.  For example, nothing at all ever popped up when I clicked for Help in the Pegasus security warning.  The message just went away and Pegasus downloaded the email.  Similarly, nothing permanent ever happened when I clicked the Update [certificate] and continue button in that security warning.

However, as I was writing this reply, Pegasus did its auto check and... Security warning.  Oh well

As for web gmail, I do not remember blocking, or having any reason to block, accounts.google.com, but there it was.  I removed the block and that web mail is working fine.  Good thing, too.  I had not kept abreast of what the once valiant Google was doing.  Went through many of the myriad (new) setup/preferences options and set them as I wanted them.

 Anyway, thanks again.

<p>Genius!!  </p><p> </p><p>Thank you, bfluet, but...</p><p>I had thought you 99.9% correct. </p><p>I do have fingerprint tracking enabled. Following your advice, I deleted the certificate Pegasus had in place for Google.  Deletion resulted in a blank field which I checked after saving the configuration by opening it up again and seeing the blank.  I then queried for new mail. Smooth as silk.  Then I reopened Pegasus's Security and there was the certificate.  Funny thing.  It is exactly the same character sequence.  Before deleting, I had copied the sequence into Jarte.  After mail retrieval, I copied the certificate ID again because inspection of the very long sequence seemed to show it as the same.  Copying into Jarte directly under the "old" sequence showed them to be identical!</p><p>There is something peculiar about my installation of Pegasus, I guess.  For example, nothing at all ever popped up when I clicked for Help in the Pegasus security warning.  The message just went away and Pegasus downloaded the email.  Similarly, nothing permanent ever happened when I clicked the Update [certificate] and continue button in that security warning.</p><p>However, as I was writing this reply, Pegasus did its auto check and... Security warning.  Oh well</p><p>As for web gmail, I do not remember blocking, or having any reason to block, accounts.google.com, but there it was.  I removed the block and that web mail is working fine.  Good thing, too.  I had not kept abreast of what the once valiant Google was doing.  Went through many of the myriad (new) setup/preferences options and set them as I wanted them.</p><p> Anyway, thanks again. </p>

So far no one else has reported a certificate change so I wonder if something more might be going on.  From the help file: 

If the certificate has changed, this may be an innocent administrative issue (for instance, the old certificate may have expired or been replaced), but it may also indicate a security breach, or the presence of a "middleman" eavesdropping on your messages in transit. In either case, the fact that the certificate has changed acts as a warning to you to contact your ISP or system administrator to check on the integrity of the system.

This is beyond my knowledge so I do not have any advice about how to figure out whether you have this type of problem. 

<p>So far no one else has reported a certificate change so I wonder if something more might be going on.  From the help file:  </p><p><i>If the certificate has changed, this may be an innocent administrative issue (for instance, the old certificate may have expired or been replaced), but it may also indicate a security breach, or the presence of a "middleman" eavesdropping on your messages in transit. In either case, the fact that the certificate has changed acts as a warning to you to contact your ISP or system administrator to check on the integrity of the system. </i></p><p>This is beyond my knowledge so I do not have any advice about how to figure out whether you have this type of problem.  </p>

It is a terrible thing, I just find it exceedingly difficult to trust anyone, especially the big boys, in this case, Verizon, my ISP.  Because of the changes Verizon kept making that forced me to periodically rejigger my Pegasus configurations, a while back I implemented stunnel for my Verizon email on great advice/guidance in this forum from...I think it was something like "redhat".  I have to look up that very generous assistance when I close this response.  In the meantime, I suppose it has to be done.  I will contact Verizon.  Thanks again, Brian Fluet.

It is a terrible thing, I just find it exceedingly difficult to trust anyone, especially the big boys, in this case, Verizon, my ISP.  Because of the changes Verizon kept making that forced me to periodically rejigger my Pegasus configurations, a while back I implemented stunnel for my Verizon email on great advice/guidance in this forum from...I think it was something like "redhat".  I have to look up that very generous assistance when I close this response.  In the meantime, I suppose it has to be done.  I will contact Verizon.  Thanks again, Brian Fluet.
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Cancel
Delete
Pending draft ... Click to resume editing
Discard draft