{"id":1064,"date":"2014-04-10T13:38:38","date_gmt":"2014-04-10T17:38:38","guid":{"rendered":"http:\/\/www.kaspersky.com.tr\/blog\/?p=1064"},"modified":"2020-02-26T18:35:55","modified_gmt":"2020-02-26T15:35:55","slug":"heartbleed-guvenlik-acigi-binlerce-sitede-guvenliginizi-tehlikeye-atabilir","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/heartbleed-guvenlik-acigi-binlerce-sitede-guvenliginizi-tehlikeye-atabilir\/1064\/","title":{"rendered":"“Heartbleed” G\u00fcvenlik A\u00e7\u0131\u011f\u0131 Binlerce Sitede G\u00fcvenli\u011finizi Tehlikeye Atabilir"},"content":{"rendered":"

E\u011fer bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 sabah 8 haberlerine \u00e7\u0131k\u0131yorsa ger\u00e7ekten ciddi bir durum var demektir. T\u0131pk\u0131 bu sabah, Internet \u00fczerinde en yayg\u0131n kullan\u0131lan kriptolama k\u00fct\u00fcphanesi olan OpenSSL ile ilgili ortaya \u00e7\u0131kan Heartbleed isimli g\u00fcvenlik a\u00e7\u0131\u011f\u0131nda oldu\u011fu gibi. E\u011fer bu konuda kafan\u0131z kar\u0131\u015ft\u0131ysa endi\u015fe etmeyin, bundan sonraki 500 kelime i\u00e7inde t\u00fcm hikayeyi anlataca\u011f\u0131z.<\/p>\n

Google, Facebook veya bankan\u0131z\u0131n online sitesi gibi bir web sitesine kriptolu ba\u011flant\u0131<\/a> kurdu\u011funuzda verileriniz SSL\/TLS protokol\u00fc ile \u015fifrelenerek g\u00f6nderilir. Pek \u00e7ok popular web sunucusu bu i\u015fi yapmas\u0131 i\u00e7in OpenSSL k\u00fct\u00fcphanesini kullan\u0131r. Bu hafta ba\u015f\u0131nda OpenSSL ekibi \u201cHeartbeat\u201d isimli TLS \u00f6zelli\u011fi i\u00e7in ciddi bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 i\u00e7in yama yay\u0131nlad\u0131<\/a>. Bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131 nedeniyle sald\u0131ganlar sunucu haf\u0131zas\u0131n\u0131n 64kB\u2019l\u0131k k\u0131sm\u0131na kadar\u0131n\u0131 g\u00f6rebilirler.<\/p>\n

Di\u011fer bir deyi\u015fle, Internet \u00fczerindeki herhangi biri bu k\u00fct\u00fcphanenin g\u00fcvenlik a\u00e7\u0131\u011f\u0131 olan s\u00fcr\u00fcm\u00fcn\u00fcn \u00e7al\u0131\u015ft\u0131\u011f\u0131 bir makinan\u0131n haf\u0131zas\u0131n\u0131 okuyabilir. En k\u00f6t\u00fc senaryoda bu k\u00fc\u00e7\u00fck haf\u0131za bloku, kullan\u0131c\u0131 ad\u0131, \u015fifre hatta sunucunun kriptolu ba\u011flant\u0131 kurmak i\u00e7in kulland\u0131\u011f\u0131 \u00f6zel anahtar gibi hassas verileri i\u00e7eriyor olabilir. Bunlara ek olarak, Heartbleed g\u00fcvenlik a\u00e7\u0131\u011f\u0131 arkas\u0131nda hi\u00e7 bir iz b\u0131rakm\u0131yor. Yani sunucunun hack edilip edilmedi\u011fini, edildiyse ne t\u00fcr verilerin \u00e7al\u0131nd\u0131\u011f\u0131n\u0131 s\u00f6ylemek m\u00fcmk\u00fcn de\u011fil.<\/p>\n

\u0130yi haber OpenSSL bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131na yama yay\u0131nlad\u0131. K\u00f6t\u00fc haber, Heartbleed g\u00fcvenlik a\u00e7\u0131\u011f\u0131na sahip olan sitelerin bu yamay\u0131 y\u00fcklediklerinin bir garantisi yok. Daha k\u00f6t\u00fc haber, bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 kullanmak \u00e7ok kolay g\u00f6z\u00fck\u00fcyor ve en az iki y\u0131ld\u0131r sunucular bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ile \u00e7al\u0131\u015f\u0131yordu. Yani pek \u00e7ok pop\u00fcler web sitesinin sertifikalar\u0131, hatta \u015fifreleri de dahil hassas bilgileri \u00e7al\u0131nm\u0131\u015f olabilir.<\/p>\n

Kullan\u0131c\u0131lar i\u00e7in eylem plan\u0131<\/h1>\n