{"id":9191,"date":"2021-01-14T11:36:04","date_gmt":"2021-01-14T08:36:04","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=9191"},"modified":"2021-01-14T11:36:04","modified_gmt":"2021-01-14T08:36:04","slug":"cinderella-cybersecurity-fairy-tale","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/cinderella-cybersecurity-fairy-tale\/9191\/","title":{"rendered":"Cinderella and signature-based detection"},"content":{"rendered":"<p>Because people in olden times were, naturally, <em>not very well versed<\/em> in technologies that were still centuries or even millennia away, finding the cybersecurity lessons in fairy tales takes some digging. Because familiar <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/tag\/gercek\/\" target=\"_blank\" rel=\"noopener\">fairy tales<\/a> are wrapped in metaphors, assumptions and literary flourishes, their original meaning can be distorted or lost altogether. Fortunately, Cinderella is one tale that managed to escape that fate.<\/p>\n<p>The earliest version of the tale was recorded on an Egyptian papyrus, so Cinderella is not one of Europe\u2019s folk tales. In short, it tells the story of a young woman in distress who finds conventional happiness with the help of a supernatural being. (In Charles Perrault\u2019s version that being is Cinderella\u2019s fairy godmother, while in the Brothers Grimm collection it is a tree growing on the grave of Cinderella\u2019s mother. In the ancient Egyptian rendition, the god Horus plays the same role. 
Such minor differences do not change the tale\u2019s core message.)<\/p>\n<p>The element common to all of them (and the most important point from a cybersecurity perspective) is the glass slipper incident around which the story revolves. Despite the exotic appeal of the Egyptian original, in this post we will stick to the European versions that readers know best.<\/p>\n<h2>Fake identity<\/h2>\n<p>Let\u2019s begin. Our heroine lives in a house with her father, stepmother and stepsisters. Assigned simple chores such as sorting grain, Cinderella tries to automate the drudgery with the help of pigeons and doves. Even in the earliest version of the story, this is probably a reference to sorting not physical objects but large amounts of data.<\/p>\n<p>Meanwhile, Cinderella dreams of going to a ball at the king\u2019s palace, but she cannot, and not because of her chores: she would not be allowed in. To attend the ball she needs a beautiful dress and a carriage, but her family refuses to help. Her fairy godmother comes to the rescue, turning a pumpkin into a carriage, mice into horses and a few rags into a dress.<\/p>\n<p>In essence, the fairy godmother creates a fake identity for Cinderella so that she can attend the ball incognito. Keep in mind that in the old days there was no such word as <em>hacker<\/em>, and people attributed this kind of \u201cmagic\u201d to sorcerers and wizards. 
Never mind the old days: even now, popular culture portrays hackers as all-powerful techno-shamans!<\/p>\n<p>No invitation (that is, initial authentication) is required to get into the ball, so all Cinderella has to do is register at the entrance. The problem is that her original identity does not meet the selection criteria, so the fairy godmother takes those criteria into account when creating the fake one.<\/p>\n<h2>Digital certificate<\/h2>\n<p>The details of Cinderella\u2019s identity change soon become clear, and the fairy godmother warns her that her new image will vanish at midnight. When midnight strikes, everyone will see rags instead of a beautiful dress, and mice in place of horses and servants. So what might lie behind this detail of the tale? Judged by the realities of medieval Europe, nothing at all. It looks like nothing more than an artificial limitation. But let\u2019s recall what exactly happens at midnight: the date changes.<\/p>\n<p>Anyone who has forgotten to renew a website\u2019s SSL certificate will understand this scenario very well. Literally one second earlier the certificate is valid and users are calmly browsing your site. One second later the certificate expires, and browsers start displaying warnings and stubs instead of your site\u2019s content. 
In other words, when the clock strikes midnight your website turns into a pumpkin.<\/p>\n<p>Certificates and digital tokens that serve as access keys work in roughly the same way. They are valid for a limited time, which means that at some point digital tokens, too, stop working. When that happens, the system (assuming everything is configured correctly) immediately cuts the connection. Poor Cinderella likewise suddenly turns into an impostor at the ball. We do not know exactly why the fairy godmother could not make a more reliable certificate; most likely she has no direct access to a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/certificate-authorities\/\" target=\"_blank\" rel=\"noopener\">certificate authority<\/a>.<\/p>\n<h2>Signature-based detection<\/h2>\n<p>Realizing that her time is running out, Cinderella flees the palace and in the process loses her glass slipper, the only real part of her new identity. This part of the Brothers Grimm version is particularly interesting. In that version the slipper is not lost by accident; the prince smears the staircase with pitch so as to obtain a piece of the mysterious girl and be able to track her down. In other words, he sets up a kind of cyberthreat detection system. 
The prince then uses the slipper as a tool for detecting objects of type \u201cCinderella\u201d and launches a global search, checking the feet of every young woman.<\/p>\n<p>Many antivirus engines work in basically the same way. Antivirus experts take a section of malicious code, create <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/hashing\/\" target=\"_blank\" rel=\"noopener\">a \u201cshoe\u201d<\/a> from it (called a hash), and then match it against incoming data. Although it has not been our main detection method for a long time, we too use this technology, known as signature-based detection, in our solutions.<\/p>\n<h2>Attempted hash forgery<\/h2>\n<p>The Brothers Grimm, who in their early fairy tales were eerily fixated on blood, for some reason take this lesson one step (shoeless) further. In their version, Cinderella\u2019s stepsisters try to fool the hash by cutting their feet so that the slipper will fit. But forging a hash is no easy matter. As expected, the sisters\u2019 hash turns out wrong and is rejected by the prince\u2019s signature analysis engine.<\/p>\n<p>You too can use this story and our post to explain basic concepts such as identity forgery, digital certificates and signature analysis to your children. 
We recommend taking this opportunity to keep alive the efforts of such distinguished cybersecurity experts as Charles Perrault and Jacob and Wilhelm Grimm.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We examine the tale of Cinderella, one of the oldest stories that tries to teach children basic cybersecurity principles.<\/p>\n","protected":false},"author":700,"featured_media":9192,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[995],"tags":[1867,2041,990],"class_list":{"0":"post-9191","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-gercek","9":"tag-peri-masallari","10":"tag-teknolojiler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/cinderella-cybersecurity-fairy-tale\/9191\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cinderella-cybersecurity-fairy-tale\/22377\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cinderella-cybersecurity-fairy-tale\/17865\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/cinderella-cybersecurity-fairy-tale\/8841\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/cinderella-cybersecurity-fairy-tale\/24049\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cinderella-cybersecurity-fairy-tale\/22130\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/cinderella-cybersecurity-fairy-tale\/20804\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/cinderella-cybersecurity-fairy-tale\/24477\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/cinderella-cybersecurity-fairy-tale\/23654\/"},{"href
lang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cinderella-cybersecurity-fairy-tale\/29903\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/cinderella-cybersecurity-fairy-tale\/38291\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/cinderella-cybersecurity-fairy-tale\/16196\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/cinderella-cybersecurity-fairy-tale\/16791\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/cinderella-cybersecurity-fairy-tale\/14342\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/cinderella-cybersecurity-fairy-tale\/26018\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/cinderella-cybersecurity-fairy-tale\/29838\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/cinderella-cybersecurity-fairy-tale\/26554\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cinderella-cybersecurity-fairy-tale\/23423\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/cinderella-cybersecurity-fairy-tale\/28750\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cinderella-cybersecurity-fairy-tale\/28561\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/gercek\/","name":"ger\u00e7ek"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=9191"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9191\/revisions"}],"predecessor-version":[{"id":9193,"href":"https:\/\/www.kaspersky.com
.tr\/blog\/wp-json\/wp\/v2\/posts\/9191\/revisions\/9193"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/9192"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=9191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=9191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=9191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}