{"id":9569,"date":"2021-04-27T14:21:12","date_gmt":"2021-04-27T11:21:12","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=9569"},"modified":"2021-04-27T14:21:12","modified_gmt":"2021-04-27T11:21:12","slug":"trello-data-leaks","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/trello-data-leaks\/9569\/","title":{"rendered":"Trello veri s\u0131z\u0131nt\u0131s\u0131"},"content":{"rendered":"

Bas\u0131nda \u00e7\u0131kan baz\u0131 haberlere g\u00f6re<\/a>, y\u00fczlerce b\u00fcy\u00fck ve binlerce k\u00fc\u00e7\u00fck \u015firketin kullan\u0131c\u0131lar\u0131na ait veriler Trello\u2019dan s\u0131zd\u0131r\u0131ld\u0131. Bu kelimenin ger\u00e7ek anlam\u0131yla bir s\u0131z\u0131nt\u0131 de\u011fildi; \u015eirketler y\u0131llard\u0131r Trello\u2019yu, gizlilik ayarlar\u0131n\u0131n d\u00fczg\u00fcn bir \u015fekilde yap\u0131land\u0131r\u0131l\u0131p yap\u0131land\u0131r\u0131lmad\u0131\u011f\u0131na dikkat etmeden kullan\u0131yorlard\u0131. Bug\u00fcn ya\u015fanan olay ise, baz\u0131 ara\u015ft\u0131rmac\u0131lar\u0131n bu ayarlar\u0131n bilgileri halka a\u00e7\u0131k hale getirmesiyle ilgili.<\/p>\n

Do\u011frusunu isterseniz, her y\u0131l \u00f6nemli verilerini herkese a\u00e7\u0131k bir \u015fekilde Trello\u2019da depolayan bir \u015firketin raporlar\u0131na ili\u015fkin haberler \u00e7\u0131k\u0131yor. Ara\u015ft\u0131rmac\u0131 Kushagra Pathak, \u00fc\u00e7 y\u0131l \u00f6nce Medium\u2019daki yaz\u0131s\u0131nda bu konuya dikkat \u00e7ekmeye \u00e7al\u0131\u015ft\u0131<\/a>. Ne yaz\u0131k ki, bu t\u00fcr uyar\u0131lar genellikle k\u0131s\u0131tl\u0131 bir etkiyle sahip olma e\u011filimindedir.<\/p>\n

Neler, neden s\u0131zd\u0131?<\/h2>\n

Trello \u00fcyeleri, projeler \u00fczerinde i\u015fbirli\u011fi i\u00e7inde \u00e7al\u0131\u015fmak i\u00e7in panolar\u0131 kullan\u0131r. Panolar varsay\u0131lan olarak \u00f6zeldir \u2014 ekip d\u0131\u015f\u0131ndaki hi\u00e7 kimse taraf\u0131ndan g\u00f6r\u00fcnt\u00fclenemez \u2014 ancak kullan\u0131c\u0131lar\u0131n tak\u0131mda olmayan birine panoyu g\u00f6stermesi gerekti\u011finde, panonun g\u00f6r\u00fcn\u00fcrl\u00fc\u011f\u00fcn\u00fc herkese a\u00e7\u0131k<\/em> olarak ayarlarlar. Bu noktada, herhangi bir kullan\u0131c\u0131 sahip oldu\u011fu ba\u011flant\u0131 ile do\u011frudan panoyu a\u00e7abilir ve arama motorlar\u0131 panoda yer alan bilgileri indeksleyebilir. Her panoya olan eri\u015fim ayr\u0131 \u015fekilde yap\u0131land\u0131r\u0131l\u0131r.<\/p>\n

Amac\u0131na uygun \u015fekilde olu\u015fturulmu\u015f bir arama sorgusu ile bir \u00e7ok \u015firkete ait \u00e7ok say\u0131da halka a\u00e7\u0131k panoya eri\u015filebilir. \u00c7e\u015fitli ara\u015ft\u0131rmac\u0131lar\u0131n ke\u015ffetti\u011fi ve yay\u0131nlad\u0131\u011f\u0131 bu panolar\u0131n aras\u0131nda, internet sitelerine ait giri\u015f bilgileri, taranm\u0131\u015f belgeler ve gizli i\u015f tart\u0131\u015fmalar\u0131n\u0131n da oldu\u011fu panolar bulunuyor.<\/p>\n

\u015eirketinizin Trello \u00e7al\u0131\u015fma alan\u0131na yetkisiz eri\u015fim sa\u011flanmas\u0131, herhangi bir gizli belge veya parola bulunmasa bile sizin i\u00e7in sorun yaratabilir. Sald\u0131rganlar, sosyal m\u00fchendislik sald\u0131r\u0131lar\u0131n\u0131 daha inand\u0131r\u0131c\u0131 hale getirmek i\u00e7in i\u015f bilgilerini kullanabilirler. \u00d6rne\u011fin bir \u00e7al\u0131\u015fanla yapt\u0131klar\u0131 bir yaz\u0131\u015fmada mevcut bir projenin ayr\u0131nt\u0131lar\u0131ndan bahsederek \u00e7al\u0131\u015fan\u0131n sald\u0131r\u0131y\u0131 fark etmesinin \u00f6n\u00fcne ge\u00e7ebilirler.<\/p>\n

Trello\u2019yu bilgileri gizli tutacak \u015fekilde yap\u0131land\u0131rma<\/h2>\n

Yaln\u0131zca iki ayar\u0131 de\u011fi\u015ftirerek, arama motorlar\u0131n\u0131n Trello \u00e7al\u0131\u015fma alan\u0131n\u0131zdaki verileri indekslemesini \u00f6nleyebilirsiniz. \u00c7al\u0131\u015fma alan\u0131 g\u00f6r\u00fcn\u00fcrl\u00fc\u011f\u00fcnden \u00e7ok as\u0131l \u00f6nemli olan her bir panonun g\u00f6r\u00fcn\u00fcrl\u00fc\u011f\u00fcd\u00fcr.<\/p>\n

\u00c7al\u0131\u015fma alanlar\u0131nda iki g\u00f6r\u00fcn\u00fcrl\u00fck ayar\u0131 bulunur: \u00d6zel ve herkese a\u00e7\u0131k. Se\u00e7ilecek ayar bellidir.<\/p>\n

\u00a0<\/p>\n

\"\"<\/p>\n

Panolarda daha fazla se\u00e7enek bulunur: \u00d6zel (yaln\u0131zca pano \u00fcyelerinin eri\u015fimi vard\u0131r), \u00e7al\u0131\u015fma alan\u0131 (t\u00fcm \u00e7al\u0131\u015fma alan\u0131 \u00fcyelerinin eri\u015fimi vard\u0131r), organizasyon (t\u00fcm \u00e7al\u0131\u015fanlar\u0131n eri\u015fimi vard\u0131r \u2014 bu yaln\u0131zca kurumsal hesaplar i\u00e7indir) ve herkese a\u00e7\u0131k (herkesin eri\u015fimi vard\u0131r). Mevcut Trello aray\u00fcz\u00fc, g\u00f6r\u00fcn\u00fcrl\u00fck se\u00e7eneklerini yeterince a\u00e7\u0131k bir tan\u0131ml\u0131yor ve a\u00e7\u0131klamalarda web gezginlerinin yaln\u0131zca herkese a\u00e7\u0131p panolara eri\u015febilece\u011fi belirtiliyor. Bu nedenle herkese a\u00e7\u0131k se\u00e7ene\u011finden ba\u015fka herhangi se\u00e7ene\u011fin se\u00e7ilmesi s\u00f6zde s\u0131z\u0131nt\u0131y\u0131 \u00f6nleyebilirdi.<\/p>\n

\"\"<\/p>\n

\u00a0<\/p>\n

\u0130\u015fle ilgili bilgi payla\u015f\u0131m\u0131n\u0131n en az say\u0131da \u00e7al\u0131\u015fanla s\u0131n\u0131rland\u0131r\u0131lmas\u0131 gerekti\u011fini d\u00fc\u015f\u00fcn\u00fcyoruz ve bu nedenle \u00f6zel se\u00e7ene\u011fini kullanmak her zaman daha iyidir. Bu biraz daha fazla i\u015f y\u00fck\u00fc yaratacakt\u0131r \u2014 birisinin her panele kimin eri\u015febilece\u011fini y\u00f6netmesi gerekir \u2014 ancak bilgi b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fcn sa\u011flanmas\u0131na yard\u0131mc\u0131 olur.<\/p>\n

G\u00fcvenli i\u015fbirli\u011finin sa\u011flanmas\u0131<\/h2>\n

Trello panolar\u0131n\u0131z\u0131 uygun g\u00f6r\u00fcn\u00fcrl\u00fck ayarlar\u0131 ile yap\u0131land\u0131rmak, bilgilerin halka a\u00e7\u0131k hale gelmesini \u00f6nleyecektir. Ayr\u0131ca \u015fu di\u011fer \u00f6nemli \u00f6nlemleri de g\u00f6z \u00f6n\u00fcnde bulundurun:<\/p>\n