{"id":10236,"date":"2021-11-09T12:32:43","date_gmt":"2021-11-09T09:32:43","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10236"},"modified":"2021-11-09T12:32:43","modified_gmt":"2021-11-09T09:32:43","slug":"whats-wrong-with-forged-green-pass","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/whats-wrong-with-forged-green-pass\/10236\/","title":{"rendered":"\u0130nternetteki sahte Ye\u015fil Ge\u00e7i\u015f Sertifikalar\u0131 \u2014 Ba\u015f\u0131n\u0131za gelebilecekler"},"content":{"rendered":"<p>Kimli\u011fi belirsiz doland\u0131r\u0131c\u0131lar, hacker forumlar\u0131nda ve Telegram kanallar\u0131nda <a href=\"https:\/\/nltimes.nl\/2021\/10\/27\/covid-access-pass-qr-code-issued-adolf-hitler-ministry-investigating\" target=\"_blank\" rel=\"noopener nofollow\">Ye\u015fil Ge\u00e7i\u015f sertifikalar\u0131n\u0131n<\/a> (Green Pass \u2014 Avrupa Birli\u011fi\u2019ndeki bir\u00e7ok kamusal alan ve etkinli\u011fe eri\u015fim ve seyahat i\u00e7in gereken sertifikalar) sat\u0131\u015f\u0131n\u0131 yap\u0131yor. Yapabileceklerini g\u00f6stermek ve potansiyel m\u00fc\u015fterilerin ilgisini \u00e7ekmek i\u00e7in de Adolf Hitler ad\u0131na bir Ye\u015fil Ge\u00e7i\u015f sertifikas\u0131 olu\u015fturdular. Bununla ilgili belki de en rahats\u0131z edici olan durumsa, bu sertifikadaki QR kodunun uygulama do\u011frulamas\u0131ndan ge\u00e7erli bir sertifika olarak ge\u00e7mesi. Bu durum, yaz\u0131m\u0131zda cevaplamaya \u00e7al\u0131\u015faca\u011f\u0131m\u0131z bir dizi soruyu g\u00fcndeme getiriyor.<\/p>\n<h2>Ye\u015fil Ge\u00e7i\u015f sertifikas\u0131 nedir?<\/h2>\n<p>Ye\u015fil Ge\u00e7i\u015f sertifikas\u0131, ki\u015finin a\u015f\u0131land\u0131\u011f\u0131n\u0131, yak\u0131n zamanda COVID-19 ge\u00e7irdi\u011fini veya h\u0131zl\u0131 test i\u00e7in 48, PCR i\u00e7in 72 saat i\u00e7inde negatif sonu\u00e7 ald\u0131\u011f\u0131n\u0131 do\u011frulayan bir sertifikad\u0131r. Sertifikada, bir uygulama ile do\u011frulanabilen bir QR kodu bulunur. Ye\u015fil Ge\u00e7i\u015f Sertifikas\u0131, Avrupa Birli\u011fi \u00fclkeleri ile \u0130srail (sertifikan\u0131n ilk geli\u015ftirildi\u011fi \u00fclke), T\u00fcrkiye, \u0130zlanda, Ukrayna, \u0130svi\u00e7re, Norve\u00e7 gibi <a href=\"https:\/\/ec.europa.eu\/info\/live-work-travel-eu\/coronavirus-response\/safe-covid-19-vaccines-europeans\/eu-digital-covid-certificate_en\" target=\"_blank\" rel=\"noopener nofollow\">di\u011fer baz\u0131 \u00fclkelerde<\/a> ge\u00e7erli standart bir belgedir.<\/p>\n<p>Sertifikalar genellikle a\u011fl\u0131k kurumlar\u0131 taraf\u0131ndan veriliyor. \u00dclkeye g\u00f6re de\u011fi\u015fiklik g\u00f6sterebilmekle birlikte seyahat edebilmek, barlara, restoranlara, m\u00fczelere girebilmek ve halka a\u00e7\u0131k etkinliklere kat\u0131labilmek i\u00e7in, e\u011fitim kurumlar\u0131 ve hatta i\u015f yerleri i\u00e7in Ye\u015fil Ge\u00e7i\u015f sertifikas\u0131na sahip olma zorunlulu\u011fu bulunuyor. Ye\u015fil Ge\u00e7i\u015f Sertifikas\u0131 her ne kadar bas\u0131l\u0131 halde de olabilse de \u00e7o\u011funlukla sertifikan\u0131 do\u011frulamas\u0131 i\u00e7in bir QR kodunun g\u00f6r\u00fcnt\u00fclendi\u011fi <a href=\"https:\/\/greenpassapp.eu\/\" target=\"_blank\" rel=\"noopener nofollow\">uygulama<\/a> \u015feklinde oluyor.<\/p>\n<h2>Sald\u0131rganlar sahte sertifikalar\u0131 nas\u0131l imzalayabiliyor?<\/h2>\n<p>\u0130nternet ve Telegram gruplar\u0131ndaki baz\u0131 \u015f\u00fcpheli sat\u0131c\u0131lar, g\u00f6r\u00fcn\u00fc\u015fe g\u00f6re \u00f6zellikle Polonya veya Fransa\u2019daki sa\u011fl\u0131k hizmetleri taraf\u0131ndan verilen sahte Ye\u015fil Ge\u00e7i\u015f sertifikalar\u0131n\u0131n sat\u0131\u015f\u0131n\u0131 yap\u0131yorlar. Bunu nas\u0131l ba\u015fard\u0131klar\u0131 konusunda <a href=\"https:\/\/github.com\/ehn-dcc-development\/hcert-spec\/issues\/103\" target=\"_blank\" rel=\"noopener nofollow\">baz\u0131 teoriler<\/a> var. Bu teorilerden birine g\u00f6re su\u00e7lular, bu t\u00fcr sertifikalar\u0131 olu\u015fturmalar\u0131n\u0131 sa\u011flayan gizli \u015fifreleme anahtar\u0131n\u0131 bir \u015fekilde ele ge\u00e7irdiler. B\u00f6yle bir \u015fey s\u00f6z konusuysa, ge\u00e7erli Ye\u015fil Ge\u00e7i\u015f sertifikalar\u0131n\u0131n muhtemelen yeniden d\u00fczenlenmesi gerekiyor.<\/p>\n<p>Di\u011fer bir teoriye g\u00f6reyse sat\u0131c\u0131lar\u0131n, Fransa ve Polonya\u2019daki sa\u011fl\u0131k kurumlar\u0131nda su\u00e7 ortaklar\u0131 var. Bu durumda, yeni bir kriptografik anahtar\u0131n olu\u015fturulmas\u0131 sorunun \u00e7\u00f6z\u00fclmesine pek de fayda sa\u011flamayacakt\u0131r \u2014 kolluk kuvvetlerinin kurumlardaki su\u00e7 ortaklar\u0131n\u0131 bulmas\u0131 gerekiyor.<\/p>\n<h2>Ye\u015fil Ge\u00e7i\u015f sisteminin g\u00fcvenli\u011fi tamamen mi ihlal edilmi\u015f durumda?<\/h2>\n<p>\u00c7o\u011fu AB \u00fclkesinde verilen Ye\u015fil Ge\u00e7i\u015f sertifikalar\u0131 ge\u00e7erlili\u011fini koruyor, en az\u0131ndan \u015fimdilik. Yaln\u0131zca Polonya ve Fransa\u2019da verilen sertifikalar konusunda \u015f\u00fcpheler s\u00f6z konusu.<\/p>\n<h2>Polonya ve Fransa\u2019da verilen Ye\u015fil Ge\u00e7i\u015f sertifikalar\u0131 iptal edilecek mi?<\/h2>\n<p>AB otoriteleri konuyla ilgili incelemelerini s\u00fcrd\u00fcr\u00fcyor. En k\u00f6t\u00fc senaryoda, t\u00fcm \u00fclkelerde olmasa da, Polonya ve Fransa\u2019daki sertifikalar\u0131n yeniden d\u00fczenlenmesi gerekiyor. K\u00f6t\u00fc niyetli ki\u015filer sertifikalar\u0131n verili\u015f tarihlerini de\u011fi\u015ftiremiyorlarsa, yaln\u0131zca baz\u0131 sertifikalar\u0131n yeniden d\u00fczenlenmesi yeterli olacak.<\/p>\n<h2>Sahte bir Ye\u015fil Ge\u00e7i\u015f sertifikas\u0131 sat\u0131n alabilir misiniz?<\/h2>\n<p>Yani, para verip bunu sat\u0131n alman\u0131z\u0131n \u00f6n\u00fcnde herhangi bir engel bulunmuyor. Ancak sahte sertifika ile AB \u00fclkelerini ziyaret etmek pek de iyi bir fikir de\u011fil. Birincisi, sahte sertifikalar iptal edilecek ve bu nedenle sadece maddi zarara u\u011frayacak olsan\u0131z da, kanun uygulay\u0131c\u0131lar\u0131n sahtekarlarla birlikte bu sertifikalar\u0131 sat\u0131n alanlar\u0131 da yakalama ihtimali s\u00f6z konusu. Sahte bir Ye\u015fil Ge\u00e7i\u015f sertifikas\u0131 sayesinde, Avrupal\u0131 kolluk kuvvetleriyle uzun bir g\u00f6r\u00fc\u015fme yapma f\u0131rsat\u0131n\u0131 yakalama ihtimaliniz olduk\u00e7a y\u00fcksek.<\/p>\n<p>Bir\u00e7ok nedenden \u00f6t\u00fcr\u00fc bunun Ye\u015fil Ge\u00e7i\u015f sertifikas\u0131 sistemiyle ilgili ya\u015fanan son doland\u0131r\u0131c\u0131l\u0131k olay\u0131 olmayaca\u011f\u0131na inan\u0131yoruz. Muhtemelen yak\u0131nda bu konuda farkl\u0131 doland\u0131r\u0131c\u0131l\u0131k olaylar\u0131yla da kar\u015f\u0131la\u015faca\u011f\u0131z. Ancak ya\u015fanan bu olay, kolluk kuvvetlerinin de konuya daha fazla dikkat etmesini sa\u011flayacakt\u0131r. Bu ve di\u011fer nedenlerden \u00f6t\u00fcr\u00fc, Avrupa\u2019daki resmi bir t\u0131p kurumu d\u0131\u015f\u0131nda herhangi bir yerden Ye\u015fil Ge\u00e7i\u015f kart\u0131 alman\u0131z\u0131 \u00f6nermiyoruz.<\/p>\n<p><strong><input type=\"hidden\" class=\"category_for_banner\" value=\"vpn\"><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u0130nternette sat\u0131lan baz\u0131 sahte Ye\u015fil Ge\u00e7i\u015f sertifikalar\u0131 do\u011frulama testlerini ge\u00e7ebiliyor. Ancak, yine de bu sertifikalardan sat\u0131n almak iyi bir fikir de\u011fil. \u0130\u015fte bunun nedenleri.<\/p>\n","protected":false},"author":32,"featured_media":10237,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[995],"tags":[2375,612,2112,2414,2411,878,599],"class_list":{"0":"post-10236","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-covid-19","9":"tag-dolandiricilik","10":"tag-koronavirus","11":"tag-qr-kodlari","12":"tag-saglik-hizmetleri","13":"tag-teknoloji","14":"tag-uygulamalar"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/whats-wrong-with-forged-green-pass\/10236\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/whats-wrong-with-forged-green-pass\/23573\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/whats-wrong-with-forged-green-pass\/19020\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/whats-wrong-with-forged-green-pass\/9532\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/whats-wrong-with-forged-green-pass\/25633\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/whats-wrong-with-forged-green-pass\/23694\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/whats-wrong-with-forged-green-pass\/23213\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/whats-wrong-with-forged-green-pass\/26353\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/whats-wrong-with-forged-green-pass\/25881\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/whats-wrong-with-forged-green-pass\/31810\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/whats-wrong-with-forged-green-pass\/42728\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/whats-wrong-with-forged-green-pass\/17983\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/whats-wrong-with-forged-green-pass\/18385\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/whats-wrong-with-forged-green-pass\/15466\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/whats-wrong-with-forged-green-pass\/27661\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/whats-wrong-with-forged-green-pass\/31904\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/whats-wrong-with-forged-green-pass\/27779\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/whats-wrong-with-forged-green-pass\/24526\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/whats-wrong-with-forged-green-pass\/29888\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/whats-wrong-with-forged-green-pass\/29691\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/qr-kodlari\/","name":"QR kodlar\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10236"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10236\/revisions"}],"predecessor-version":[{"id":10238,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10236\/revisions\/10238"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10237"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}