{"id":1100,"date":"2014-04-17T02:47:52","date_gmt":"2014-04-17T06:47:52","guid":{"rendered":"http:\/\/www.kaspersky.com.tr\/blog\/?p=1100"},"modified":"2020-02-26T18:35:58","modified_gmt":"2020-02-26T15:35:58","slug":"heartbleed-bize-ne-ogretti","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/heartbleed-bize-ne-ogretti\/1100\/","title":{"rendered":"What Did Heartbleed Teach Us?"},"content":{"rendered":"<p><span style=\"line-height: 1.5em\">Our aim in these blog posts is not only to analyze malware and vulnerabilities and to cover the latest security threats. We also aim to explain to users how they can build their own security, and to educate them. The most important topics to cover in that respect are backups, protection against malware, keeping your system up to date with the latest security patches and, of course, using encryption. You have heard all of this before.<\/span><\/p>\n<p>But what if the security software you use itself becomes vulnerable and gives attackers an entry point into your system?<\/p>\n<p>This has become a very hot topic, especially since the <a href=\"https:\/\/www.kaspersky.com\/blog\/heartbleed-howto\/\" target=\"_blank\" rel=\"noopener nofollow\">Heartbleed<\/a> attack came to light. You have probably read a great many articles about SSL and the Heartbleed attack since it emerged.
In this post we will discuss why vulnerabilities of this kind are so critical.<\/p>\n<p>Before discussing the Heartbleed attack, it is worth noting that the way we look at security products and solutions today is somewhat problematic. When choosing a security product or solution, users look at its features and functions and buy it if it appears to meet their needs.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>The way users look at security products and solutions today is problematic \u2013 @JacobyDavid<\/p><\/blockquote>\n<p>Everything that the security product or solution does not do on the user's behalf gets forgotten. It should not be forgotten that these products and solutions must be used with a security-minded attitude.<\/p>\n<p>Why did we bring this up while discussing the OpenSSL Heartbleed vulnerability? In general, users assume that the Internet is a secure platform, and they carry out many personal activities online, such as dating sites, shopping, communication, financial transactions, etc.
The trouble is that when a problem occurs on the Internet, everything can get worse very quickly.<\/p>\n<p>The first big problem is that the Internet is highly fragmented. Some online resources have strong security and a robust infrastructure, while others have many vulnerabilities and are fragile. Moreover, sites that we assume to be very secure and robust can become vulnerable from time to time because they have a large number of dependencies. It is not possible to secure every single component of an IT system.<\/p>\n<div class=\"pullquote\">When a problem occurs in the Internet infrastructure, everything can get much worse very quickly<\/div>\n<p>When using the Internet, one should think of the worst-case scenario and take precautions accordingly. The problem is that users constantly use systems on the Internet that they believe to be secure, such as medical systems, government systems, etc. That is why the problem is so big when a vulnerability like Heartbleed appears.<\/p>\n<p>It is very hard to estimate how far the Heartbleed attack has spread and how big a problem there will be once cybercriminals start exploiting this vulnerability.
But imagine that someone has got hold of the keys to every bank vault in the world. That looks very bad at first, but it really depends on what is inside the vaults.<\/p>\n<p>I hope we do not run into another vulnerability like this any time soon, because we will clearly be dealing with this one for a while. It should be remembered that software is just software and there will always be vulnerabilities. To protect data that could be stolen and sensitive data against malware, you should not neglect backups and encryption. If your data is captured by someone, you should immediately do what is needed to render it useless.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our aim in these blog posts is not only to analyze malware and vulnerabilities and to cover the latest security threats.
We also aim to explain to users how they can build their own security, and to educate them.<\/p>\n","protected":false},"author":350,"featured_media":1101,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[744,558,557,562],"class_list":{"0":"post-1100","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-guvenlik","9":"tag-heartbleed","10":"tag-kriptolama","11":"tag-ssl"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/heartbleed-bize-ne-ogretti\/1100\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/guvenlik\/","name":"G\u00fcvenlik"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/1100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/350"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=1100"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/1100\/revisions"}],"predecessor-version":[{"id":7751,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/1100\/revisions\/7751"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/1101"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=1100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=
1100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=1100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}