Brower potential security risk

Michael Mayfield's Avatar

Michael Mayfield (unverified)

23 Sep, 2020 04:11 PM

I've started getting this message from my various web browsers (Firefox, Safari, etc.):

Warning: Potential Security Risk Ahead

Firefox detected a potential security threat and did not continue to u1584542.ct.sendgrid.net. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

  1. 1 Posted by Michael Mayfiel... on 23 Sep, 2020 04:13 PM

    Michael Mayfield's Avatar

    I started getting this message when clicking on an article:

    Warning: Potential Security Risk Ahead

    Firefox detected a potential security threat and did not continue to u1584542.ct.sendgrid.net. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

  2. 2 Posted by Graeme Magruder... on 24 Sep, 2020 06:18 PM

    Graeme Magruder's Avatar

    I also started getting this message a couple of weeks ago. MacBook Pro, OS Catalina 10.15.6, Safari 14 (also FireFox and Chrome). It now seems to occur on every Kos link. It also occurs on many website links sent via ActionNetwork.org (including the link TO Action Network.org).

  3. 3 Posted by Sandy D'Annunzi... on 25 Sep, 2020 03:50 AM

    Sandy D'Annunzio's Avatar

    I've been seeing this also when I try to follow any links in emails from dkos. Worst of all, I've been seeing the same problem on fundraising emails from DNC, Biden and other democrats. Did the Russians break sendgrid.net's SSL certificate?

  4. Support Staff 4 Posted by elfling on 25 Sep, 2020 05:53 PM

    elfling's Avatar

    I think what has happened here is that the browsers have upgraded something about their security model and Sendgrid - which is a service that sends emails for all kinds of businesses and organizations - has not completely reset to their expectations. I can promise you that all our Sendgrid links are clean and that we have dedicated servers with them that should not be sending anything I wouldn't want to click on myself.

    I'm not seeing the security issue today after upgrading to Safari 14 so I'm continuing to investigate, since clearly some of you are.

  5. 5 Posted by Ben Stetson (un... on 26 Sep, 2020 03:42 PM

    Ben Stetson's Avatar

    I am seeing similar warnings on Chrome and on Edge and blocking me from continuing to the donation link .

  6. 6 Posted by uess on 05 Oct, 2020 07:42 PM

    uess's Avatar

    i am getting this kind of warning from firefox (ver. 81), chrome and edge on my windows computer and from safari on my iphone. clearly, this is something about sendgrid. it's possible that sendgrid's certificate has expired or that sendgrid isn't using the latest tls version.

  7. Support Staff 7 Posted by Daily Kos Staff on 05 Oct, 2020 07:57 PM

    Daily Kos Staff's Avatar

    You are correct, uess, that the issue arises with SendGrid. Please see elfling's message above, noting that we have confidence in our own security measures and that what we send is trustworthy. The matter of the security warnings is outside of our control.

  8. Daily Kos Staff closed this discussion on 05 Oct, 2020 07:57 PM.

  9. uess re-opened this discussion on 05 Oct, 2020 10:49 PM

  10. 8 Posted by uess on 05 Oct, 2020 10:49 PM

    uess's Avatar

    thanks. but i think sendgrid might be interested to know that kossacks are having difficulty and, if sendgrid already knows about it, perhaps daily kos might grumble a little louder about finding a vendor who can perform this function without triggering security warnings in every one of the major browsers.

     

    thanks,

     

    uess

  11. 9 Posted by Susan Klement (... on 06 Oct, 2020 02:30 AM

    Susan Klement's Avatar

    I installed the Mojave supplemental update that just came out and that supposedly fixed the security problems. I say "supposedly" because it didn't. The problems that everybody reported, including one I sent, continue. So annoying.

  12. Support Staff 10 Posted by Daily Kos Staff on 06 Oct, 2020 10:32 PM

    Daily Kos Staff's Avatar

    I'm sorry, and yes, it is annoying. Thanks for your perseverance and for letting us know what you're still seeing.

  13. 11 Posted by Mrbtl (unverifi... on 07 Oct, 2020 08:38 PM

    Mrbtl's Avatar

    Dailykks please correct this situation because thousands of users couldn’t see your publication!

  14. 12 Posted by Susan Klement (... on 07 Oct, 2020 08:39 PM

    Susan Klement's Avatar

    Dailykos.com <http://dailykos.com/> has most if not all the same items.

  15. 13 Posted by uess on 07 Oct, 2020 08:55 PM

    uess's Avatar

    i guess my frustration is that someone at dkos is going to the trouble of curating the list of links, but no one at dkos thinks enough of the users to get to the bottom of the problem and find a solution or a workaround. pointing out that users can find a way to the articles by replicating the work of the person who’s curating the list is kind of user-hostile.

  16. 14 Posted by Susan Klement (... on 07 Oct, 2020 08:56 PM

    Susan Klement's Avatar

    The reply I got a while back is that they are working on the problem.

  17. 15 Posted by uess on 07 Oct, 2020 10:45 PM

    uess's Avatar

    ok, but the most recent communications i’ve seen are these two messages from daily kos staff:

     

    on oct. 5:

    From: Daily Kos Staff (Support staff)

    You are correct, uess, that the issue arises with SendGrid. Please see elfling's message above, noting that we have confidence in our own security measures and that what we send is trustworthy. The matter of the security warnings is outside of our control.

    and on oct. 6:

    From: Daily Kos Staff (Support staff)

    I'm sorry, and yes, it is annoying. Thanks for your perseverance and for letting us know what you're still seeing.

     

    i do hope they’re working on it, though.

     

    thanks,

     

    uess

  18. 16 Posted by Mike DAVIS (unv... on 08 Oct, 2020 04:50 PM

    Mike DAVIS's Avatar

    Problem still there.
    This site can’t provide a secure connection
    u1584542.ct.sendgrid.net sent an invalid response.

  19. 17 Posted by Paul Frese (unv... on 09 Oct, 2020 12:35 PM

    Paul Frese's Avatar

    Same problem. Until it is addressed , I cannot view any of the links in your email. If problems persist, I ( along with many others) will be forced to unsubscribe.

  20. Support Staff 18 Posted by Daily Kos Staff on 09 Oct, 2020 06:22 PM

    Daily Kos Staff's Avatar

    Hello again, everyone.

    I hesitate to provide an over-general answer, since I cannot be sure that you are all experiencing the exact same problem (though odds are good that they are all similar enough).

    We can and do provide our assurance that we have our own dedicated servers for our SendGrid links. We're not sending out any malware through them.

    If you are comfortable taking our word for it, here is a step that you can take while we continue to work on this issue. The next time you see one of these warnings, you can use it to whitelist our hostname, u1584542.ct.sendgrid.net with your browser/security software. Depending on the type of warning you're receiving, you may be able to choose Advanced --> Add Exception --> Confirm Security Exception (or similar options) relative to this hostname. You may need to do an online search to learn how to accomplish this task in other contexts.

    If you remain reluctant to open the link or to add our hostname to a whitelist, then you can still find and read the linked content we are sending you. If you see a story within a Daily Kos email that you want to read, you can go to this page and skim the titles. Or, alternatively, you can use the site Search function, available at the top of every site page, to find a specific title. You can refine the results by choosing to search on Title instead of Title and Text (or by using the Advanced Search option).

    Thanks for your understanding and patience as we address this issue.

  21. 19 Posted by uess on 09 Oct, 2020 08:18 PM

    uess's Avatar

    thanks. i will now highlight the best 7 words in your response:

     

    “ ... we continue to work on this issue.”

     

    unfortunately, firefox reports that:

     

    “The error page will include a description of the potential security threat, an option to report the error to Mozilla and an ...Advanced… button to view the error code and other technical details. There is no option to add a security exception to visit the website.”

     

    so i eagerly await the day when you can report that the issue is resolved. thanks.

     

    uess

  22. Support Staff 20 Posted by Daily Kos Staff on 09 Oct, 2020 08:56 PM

    Daily Kos Staff's Avatar

    Thanks for the updates.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac