Danger of connecting to Adobe website. Its SSL certificate is not trusted anymore

Yes, I am always go to this link: https://contributor.stock.adobe.com/be_en/portfolio

but now for some reason the antivirus started issuing the warning described above

Me too - I'm getting the same warning, though with a slightly different explanation, probably because I'm using Kaspersky antivirus.
@Nancy OShea, @daniellei4510  - We access the site through https://contributor.stock.adobe.com, but once we reach the sign-in page, the URL changes to https://service.account.adobe.com automatically. After completing the full sign-in process - email, password, and 2FA - that’s when the warning pops up.

You might already be signed in, which could be why you don’t see this warning. But for users like us who have to log in each time, this kind of warning may (and probably should) appear if they have antivirus software.

I’ve gotten it both yesterday and today.

Here’s what Kaspersky says about the issue:
https://support.kaspersky.com/common/safemoney/12489?cid=290-WIN_21.21&utm_source=interceptor&utm_me...

I hope this is just a technical glitch and not something caused by any intruders. Either way, I think it would be helpful if Adobe could respond and clarify what's going on.

 

I hope this is just a technical glitch and not something caused by any intruders. Either way, I think it would be helpful if Adobe could respond and clarify what's going on.

By @Rajitha23461929g772

Adobe does not monitor this page, and they tend to address such issues silently. 

I can access my contributor account without any issue. What happens when you use @Nancy OShea's link? https://contributor.stock.adobe.com/

It works fine for me. 

https://service.account.adobe.com/ indeed issues a warning.

@Abambo  https://contributor.stock.adobe.com/ - the link works fine.. no problem with that..after visiting that, we have to click on "sign in" link right? then if you check the URL in the address bar, it will be something like this : https://auth.services.adobe.com/en_US/index.html?.......
we can sign in without any issue.. withing few seconds after signing in, tha particular warning message pops up via the virus guard. I got it today as well.

@2024creative and @Rajitha23461929g772,

This isn't the first time that somebody forgot to renew Adobe's TLS/SLL certs. 

I'll report the issue.  But this is the weekend.  It might not receive attention until Monday at the earliest. 

Thanks for your patience. 

let's hope so... 🙂

hey @Nancy OShea , Did you report the TLS/SSL issue to Adobe. I'm still getting the warning...

I did, and it has been forwarded to the relevant team.

antivirus software can be a little too paranoid at times. 

By @daniellei4510

==========

And rightfully so.  Log-ins over a non-secure connection are risky.  Nobody knows who's receiving/sending data on the other side. TLS/SSL Certs issued from a reputable Certificate Authority are about the only assurance that consumers have of a safe web experience.  When that breaks down, it inspires distrust that the site is doing all it should to protect its users.

Speaking as a website developer & owner, security is a constant battle with bad actors. And AI is making things worse.

IMO, everyone should use up to date anti-malware and spyware protection, no matter which devices you use. 

https://www.antivirusguide.com/best-anti-malware-mac/

I won't go so far as to say I haven't at times attempted to use antivirus software, and I've also installed it temporarily when my computer has started doing weird things like throwing pop-up adds at me, but I have yet to find one that doesn't slow my computer down, or give me spurious reports, or begin to heckle me constantly due to yearly notices when my subscription is about to run out. I have found a few minor viruses (nothing particularly dangerous...just annoying) as a result of using virus scanning software. In those cases, the software wants me to pay to have the virus removed, but they also give me the locations where the culprit is located, and I've been able to delete the file myself. Even my ISP offered free virus scanning software for a year, but it acted like virus itself and I turned it off, only to turn it on when I think I might have something suspicious on my machine. I also have a second computer that I used to download any software, or visit any sites, that I THINK look a bit on the suspicious side and install it there first, before installing on my main computer.

All that said, I suppose I wouldn't go so far as to insist NO ONE should install antivirus software on a Mac (at least not without a second Mac), but if one does have problems, disabling it temporarily has solved a handful of issues I've experienced in the past.

OFF TOPIC

I recently had to recertify my business site's PCI security compliance— a bank requirement to take online credit cards.  My bank contracts with a 3rd party site that handles the exam process. The site would not load in my browser. When I reported it, their help desk told me it was a problem on my end. So I tried with 3 different browsers & devices, with & without anti-virus, all to no avail.  I was finally able to reach the site over an old smartphone from a separate data plan.  But I would sooner go to hell & back than share sensitive data over a non-secure site connection.

I did some sleuthing and found the error was with the encryption method used on their server's certificates. Browsers refuse to land on a site perceived as a potential security threat. Anti-virus has nothing to do with it. Long story short, it was THEIR problem, not mine. 

I submitted screenshots to the help desk explaining the issue as I saw it and how they could fix it from their servers. But they still insisted the problem was on my end. 👿

Exasperated, I contacted the VP at my local bank. We all have the same ISP. He couldn't access the site, either. So I let my bank take the matter up with their 3rd party site.

Web security is complicated, best handled by experienced professionals.  

@daniellei4510 
As an IT guy who's seen this kind of issue and how it ends too many times, I can totally agree with @Nancy OShea . I wish you the best, @daniellei4510  and that you never ever run into a bad experience. Those annoying messages you were talking about are actually because your Mac is already infected, sir.

I've been using Kaspersky for so long, and I’ve set it up to the extreme security level. According to most users, Kaspersky is one of the most annoying virus guards - that’s because it checks almost every corner and reports every vulnerability it finds.

You know what? I haven’t gotten any warnings in years, except for this Adobe warning and a few other adware alerts from random sites. Virus guards aren’t annoying or bad - it’s usually us and our behavior.

Since I don’t know your background, I’m not going to explain too many technical things here. As @Nancy OShea said, it’s a certificate issue. It’s not a virus, but it could be more dangerous than that - or not dangerous at all. The risk is totally on us now.

It’s like walking through a sketchy area while a bunch of bad guys are watching you. You might pass through without any issue… or you might not. This certificate thing is like having two bodyguards next to you - not perfectly safe, but definitely safer than walking alone.

And finally, I recommend using an updated virus guard, sir - no exceptions nowadays. Even then, you're not 100% safe… but it’s still way better than having no protection at all, and at least it warns you about things like certificate issues

I won't go so far as to say I haven't at times attempted to use antivirus software, and I've also installed it temporarily when my computer has started doing weird things

By @daniellei4510

Oh, oh. There are some security problems with this:

1. You need to have an antivirus program running all the time. I agree, some are not working well, and some even introduce security threads on their own. I recommend for some time using Microsoft Defender on Windows. Likewise, I suppose that for macOS you'll also have an integrated protection. 
2. Having an offline antivirus on a USB stick to boot with, without the help of the OS installed on the computer's disk, helps when the computer does weird things. You avoid having the virus using stealth technology to hide itself from the scanner.
3. You need to have firewall protection to connect to the internet. Here also, I'm using the Windows firewall. And in addition, my router also has a nice and excellent firewall integrated. 
4. when your computer starts to do odd things, it may be too late. It's like locking the door when the thief has the keys. 
5. Disabling any security measure can only be considered as a temporary measure in a well contained environment. It should not be a permanent situation. 
6. Do not invite people to connect remotely to your computer, if they are not to be trusted. Not everyone claiming to be Microsoft or Adobe is Microsoft or Adobe. 

Trust me, I've tried. And they have always caused issues., primarily slowing down my computer to a crawl, false positives, etc. I also worked for a company that used PCs and ended up having to work from home because of all the issues they would have for one reason or another, from viruses, unending spam and scam emails because they used their own email server, and I'm sure it didn't help that they had no issues using pirated software that I refused to load on my own work computer. In any case, as I mentioned, I have two Macs...my working Mac contains the Adobe suite and the software that came with the computer. Everything else (include any sites that I've visited for the first time) goes on my 2015 iMac. All my images, business files, etc. are stored on backups of backups, both online and in the cloud. Again, I wouldn't go out of my way to insist anyone with a Mac should follow my example, but so far, so good. Fingers crossed in the meantime, I guess.

I'm sure it didn't help that they had no issues using pirated software 

By @daniellei4510

That is a fast and quite secure manner to get nice and sophisticated viruses. 

Most third-party virus checking software, we used at the office, did slow down the computer. On my private computers, I found that the Microsoft antivirus program did work very well. So I used that one. Years later, the company followed my path… 

As a side note: we prohibited the use of copied software some 35 years ago, standard at the time was to buy software once and install it several times. For legal reasons.

Microsoft Defender, I think, is just fine, and have used it for a long time now with no issues.