{"id":6345,"date":"2019-08-21T11:19:56","date_gmt":"2019-08-21T08:19:56","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=6345"},"modified":"2022-05-05T14:26:44","modified_gmt":"2022-05-05T11:26:44","slug":"tracking-ids-bug","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/tracking-ids-bug\/6345\/","title":{"rendered":"I heard that a bug in Kaspersky products can be used for surveillance. Is that true?"},"content":{"rendered":"<p>You may have heard rumors that Kaspersky spies on its customers or helps others spy on them. We have already responded to some of these claims, but in recent days new rumors have emerged that Kaspersky exposes users to cross-site tracking. In this short post we address that rumor.<\/p>\n<h2>What happened?<\/h2>\n<p>Ronald Eikenberg, a journalist at <em>c&#8217;t<\/em> magazine, wrote that Kaspersky consumer products use unique identifiers in scripts while users visit websites, and that these identifiers can be used to identify users.<\/p>\n<p>This problem (tracked as CVE-2019-8286) affected Kaspersky Internet Security 2019, Kaspersky Total Security 2019, Kaspersky Anti-Virus 2019, Kaspersky Small Office Security 6, and Kaspersky Free Antivirus 2019, as well as earlier versions of these software packages. Eikenberg contacted us, and we had the problem fixed. 
Patches for all affected products were released in June, and a large number of users have already updated.<\/p>\n<h2>What was the problem?<\/h2>\n<p>A script is injected into every page loaded by users of Kaspersky consumer products; among other information, it contains a 32-character code unique to the user, and that code stays the same for that user on all other Web pages.<\/p>\n<p>This can give the owners of the sites hosting these pages a way to track whether a particular Kaspersky product user also visits their other sites or returns to the same site. For such tracking to work, however, the sites have to exchange information with one another; when they do, the tracking works even in incognito mode.<\/p>\n<h2>Has the problem been fixed?<\/h2>\n<p>Yes, on June 7, 2019, we released a patch that fixes this problem. The patch was delivered to all users of the affected products, so you do not need to do anything to apply the fix. If your computer has been connected to the Internet since that date and you have allowed the product to update, the patch is already installed.<\/p>\n<p>All updated Kaspersky products assign the same set of identifiers to every user. As a result, only the type of product in use can be determined (whether Kaspersky Anti-Virus, Kaspersky Internet Security, or another product). 
These identifiers are not unique to an individual, so they cannot be used for tracking.<\/p>\n<h2>Why did this problem occur?<\/h2>\n<p>To detect potentially malicious scripts before a web page starts running, Kaspersky products inject JavaScript code into the page as it loads. This behavior is not unique to Kaspersky products; it is how web antivirus programs generally work. Our JavaScript code contained this identifier, which used to be unique to each user and has now been changed to be the same for every user.<\/p>\n<h2>So why is this not a big deal?<\/h2>\n<p>The media sometimes makes problems look bigger than they are in order to attract attention. The same happened here. In theory, this problem could indeed have had some consequences. We can list three of them:<\/p>\n<p>We described the first one above: marketers could theoretically have used these IDs to target people visiting their websites. However, the profiles they could have built would have been quite weak. To track users, it is much easier to rely on real advertising systems such as those of Facebook or Google. Moreover, those systems give the marketer more information about the user. That is what most website owners do. 
So there is no point in using security solutions&#8217; identifiers for this purpose.<\/p>\n<p>The second possible consequence would be a malicious actor collecting these addresses, creating malware that targets only Kaspersky product users, and distributing it among them. The same applies to any program that modifies Web page code on the user&#8217;s side. The scenario is not very plausible: it would not be enough for the attacker to create such malware; they would also have to deliver it to the target and run it. That would require luring the user to a malicious website. However, our anti-phishing and web antivirus software already keep users away from malicious sites.<\/p>\n<p>Third: a database of website visitors could have been used for phishing. This is the most likely consequence. On the other hand, it would not be a very good choice for a malicious actor. Using publicly available information or the latest data leaks would be much easier.<\/p>\n<p>In the end, no one has observed any malicious activity abusing these unique IDs. 
And now that the problem has been fixed, it is too late for malicious actors to take advantage of them.<\/p>\n<p>So, yes, &#8220;Kaspersky allows surveillance&#8221; is a greatly exaggerated statement. There was a bug that could, to a very limited extent, have enabled a very unlikely form of tracking by third parties, but it has now been fixed.<\/p>\n<h2>What should I do?<\/h2>\n<p>Applying the fix is as easy as letting your security solution update itself, which we recommend as a matter of course anyway.<\/p>\n<ul>\n<li>Check whether your Kaspersky security solution has been updated. It most likely has, but if not, we recommend updating it for optimum protection. To update the product, click its icon in the system tray and select <em>Update<\/em> from the menu. Kaspersky 2020 users should do the same; the initial releases need the patch to fix the problem.<\/li>\n<li>If you are still concerned about websites learning that you use a Kaspersky solution, disable the script injection feature. To do so, go to <em>Settings &#8211; Additional &#8211; Network<\/em>. Under <em>Traffic processing<\/em>, clear the <em>Inject script into web traffic to interact with web pages<\/em> check box. 
Keep in mind, however, that doing so lowers your level of security and that we do not recommend it.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The facts about the newly discovered (and already fixed) bug in Kaspersky consumer products.<\/p>\n","protected":false},"author":2706,"featured_media":6346,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1285],"tags":[744,672,352,1401,551],"class_list":{"0":"post-6345","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-products","8":"tag-guvenlik","9":"tag-izleme","10":"tag-kaspersky-lab","11":"tag-medya","12":"tag-urunler-2"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/tracking-ids-bug\/6345\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/tracking-ids-bug\/16520\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/tracking-ids-bug\/13923\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/tracking-ids-bug\/6466\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/tracking-ids-bug\/18470\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/tracking-ids-bug\/16563\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/tracking-ids-bug\/15163\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/tracking-ids-bug\/19086\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/tracking-ids-bug\/17811\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/tracking-ids-bug\/23418\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/tracking-ids-bug\/27979\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/tracking-ids-bug\/12129\/"},{"hreflang":"pt-br","ur
l":"https:\/\/www.kaspersky.com.br\/blog\/tracking-ids-bug\/12211\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/tracking-ids-bug\/11078\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/tracking-ids-bug\/19958\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/tracking-ids-bug\/10141\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/tracking-ids-bug\/18875\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/tracking-ids-bug\/23231\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/tracking-ids-bug\/23164\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/urunler-2\/","name":"\u00fcr\u00fcnler"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=6345"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6345\/revisions"}],"predecessor-version":[{"id":6742,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6345\/revisions\/6742"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/6346"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=6345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=6345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=6345"}],"curies":[{"name":"wp",
"href":"https:\/\/api.w.org\/{rel}","templated":true}]}}