{"id":539,"date":"2014-04-11T18:01:39","date_gmt":"2014-04-11T15:01:39","guid":{"rendered":"http:\/\/sahinsolmaz.com\/blog\/?p=539"},"modified":"2022-06-30T12:01:42","modified_gmt":"2022-06-30T09:01:42","slug":"openssl-heartbleed-bug-guvenlik-acigi-yeni-fark-edildi","status":"publish","type":"post","link":"https:\/\/sahinsolmaz.com\/blog\/openssl-heartbleed-bug-guvenlik-acigi-yeni-fark-edildi\/","title":{"rendered":"OpenSSL Heartbleed Bug G\u00dcVENL\u0130K A\u00c7I\u011eI YEN\u0130 FARK ED\u0130LD\u0130!"},"content":{"rendered":"
En \u00e7ok bilinen web \u015fifreleme protokollerinden OpenSSL<\/strong>‘de b\u00fcy\u00fck bir a\u00e7\u0131k<\/strong> tespit edildi.<\/div>\n
\n
\n
<\/div>\n<\/div>\n<\/div>\n
\n

Heartbleed Bug<\/strong> ad\u0131 verilen g\u00fcvenlik a\u00e7\u0131\u011f\u0131 nedeniyle, kriptolu<\/strong> mesajlar iletilirken, mesaj\u0131n \u015fifresini \u00e7\u00f6zecek anahtara \u00fc\u00e7\u00fcnc\u00fc ki\u015filer de eri\u015febiliyor.<\/p>\n

G\u00dcVENL\u0130K A\u00c7I\u011eI YEN\u0130 FARK ED\u0130LD\u0130<\/h4>\n

Banka hesab\u0131 ya da e-mail adreslerine eri\u015fim gibi hassas g\u00fcvenlik \u00f6nlemleri i\u00e7in kullan\u0131lan OpenSSL<\/strong> yaz\u0131l\u0131m\u0131, \u015fifreler bir sunucudan di\u011ferine transfer edilirken mesajlar\u0131n kriptolanmas\u0131n\u0131 sa\u011fl\u0131yor. \u0130nternet kullan\u0131c\u0131lar\u0131 \u015fifreli i\u015flemlerini yaparken, bu yaz\u0131l\u0131m\u0131 da fark\u0131nda olmadan kullanm\u0131\u015f oluyor.<\/p>\n

Yakla\u015f\u0131k iki y\u0131ld\u0131r var oldu\u011fu tahmin edilen, ancak yeni fark edilen g\u00fcvenlik a\u00e7\u0131\u011f\u0131 nedeniyle internet \u015firketleri harekete ge\u00e7ti.<\/p>\n

Google’\u0131n g\u00fcvenlik departman\u0131ndan yap\u0131lan a\u00e7\u0131klamada, bilgisayar korsanlar\u0131n\u0131n OpenSSL kullan\u0131c\u0131lar\u0131na d\u00fczenleyece\u011fi siber sald\u0131r\u0131larla \u00f6nemli \u015fifre bilgilerini ele ge\u00e7irebilece\u011fi ifade edildi.<\/p>\n

Bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n \u015fu ana kadar istismar edilip edilmedi\u011fi ise bilinmiyor. Google’\u0131n bulunan g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 kamuoyuyla payla\u015fmadan \u00f6nce \u00f6nemli servis sa\u011flay\u0131c\u0131lara iletti\u011fi ve sorunun giderildi\u011fi san\u0131l\u0131yor.<\/p>\n

“HAYAT\u0130 \u015e\u0130FRELER\u0130N\u0130Z\u0130 DE\u011e\u0130\u015eT\u0130R\u0130N”<\/h4>\n

Ancak yine de b\u00fcy\u00fck internet \u015firketlerinden kullan\u0131c\u0131lara \u015fifrelerin de\u011fi\u015ftirilmesi y\u00f6n\u00fcnde \u00e7a\u011fr\u0131lar yap\u0131l\u0131yor.<\/p>\n

Yahoo’nun blog platformu Tumblr, kullan\u0131c\u0131lar\u0131na\u00a0“Ba\u015fta bankac\u0131l\u0131k ve veri depolama sitelerinde olmak \u00fczere t\u00fcm hayati \u015fifrelerinizi de\u011fi\u015ftirin”<\/strong><\/em>\u00a0mesaj\u0131n\u0131 g\u00f6nderdi.<\/p>\n

BBC’nin sorular\u0131n\u0131 yan\u0131tlayan siber g\u00fcvenlik \u015firketi NCC Group da bulunan a\u00e7\u0131\u011f\u0131\u00a0“tehlikeli”<\/strong><\/em>olarak niteledi. \u015eirketin Y\u00f6netici ortaklar\u0131ndan Ollie Whitehouse, “Vasat d\u00fczeyde kod yazma bilgisi olan herhangi bir ki\u015fi siber sald\u0131r\u0131lar d\u00fczenleyerek \u00e7ok hassas bilgilere eri\u015febilir” dedi.<\/p>\n

“\u015e\u0130FRELER \u0130\u00c7\u0130N PAN\u0130\u011eE GEREK YOK”<\/h4>\n

D\u00fcnyadaki t\u00fcm internet kullan\u0131c\u0131lar\u0131n\u0131n \u015fifreleri y\u00fcz\u00fcnden pani\u011fe kap\u0131lmas\u0131n\u0131n yersiz olaca\u011f\u0131n\u0131 d\u00fc\u015f\u00fcnenler de var.<\/p>\n

Cambridge<\/strong> \u00dcniversitesi Bilgisayar Laboratuvar\u0131’ndan yap\u0131lan a\u00e7\u0131klamada,\u00a0“Herkesin yapt\u0131\u011f\u0131 i\u015fi b\u0131rak\u0131p t\u00fcm \u015fifrelerini de\u011fi\u015ftirmesini istemek a\u015f\u0131r\u0131 bir tepki olur”\u00a0<\/strong><\/em>denildi ve \u015fu an i\u00e7in sadece d\u00fc\u015f\u00fck d\u00fczeyde bir risk bulundu\u011fu vurguland\u0131.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

En \u00e7ok bilinen web \u015fifreleme protokollerinden OpenSSL‘de b\u00fcy\u00fck bir a\u00e7\u0131k tespit edildi. Heartbleed Bug ad\u0131 verilen g\u00fcvenlik a\u00e7\u0131\u011f\u0131 nedeniyle, kriptolu mesajlar iletilirken, mesaj\u0131n \u015fifresini \u00e7\u00f6zecek anahtara \u00fc\u00e7\u00fcnc\u00fc ki\u015filer de eri\u015febiliyor. G\u00dcVENL\u0130K A\u00c7I\u011eI YEN\u0130 FARK ED\u0130LD\u0130 Banka hesab\u0131 ya da e-mail adreslerine eri\u015fim gibi hassas g\u00fcvenlik \u00f6nlemleri i\u00e7in kullan\u0131lan OpenSSL yaz\u0131l\u0131m\u0131, \u015fifreler bir sunucudan di\u011ferine transfer […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[257,256,691,255],"tags":[566,565,564,260,259,258],"class_list":["post-539","post","type-post","status-publish","format-standard","hentry","category-acik","category-bug","category-cyber-security","category-guvenlik","tag-acik","tag-bug","tag-guvenlik","tag-guvenlik-acigi","tag-heartbleed-bug","tag-openssl"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4sbm9-8H","jetpack-related-posts":[{"id":2023,"url":"https:\/\/sahinsolmaz.com\/blog\/yolda-buldugumuz-telefonu-guvenlik-acigindan-yararlanarak-sahibine-nasil-ulastirdik\/","url_meta":{"origin":539,"position":0},"title":"Yolda buldu\u011fumuz telefonu g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan yararlanarak sahibine nas\u0131l ula\u015ft\u0131rd\u0131k?","author":"SahinSOLMAZ","date":"18 Eyl\u00fcl 2022","format":false,"excerpt":"Selamlar dostlar, Uzun bir aradan sonra sizlerle k\u00fc\u00e7\u00fck bir an\u0131m\u0131z\u0131 payla\u015fmak istedim. Birka\u00e7 dakika i\u00e7erisinde rahatl\u0131kla okuyabilece\u011finiz ve teknik olarak sizi yormayacak keyifli bir makale olaca\u011f\u0131n\u0131 umuyorum. :) Bundan yakla\u015f\u0131k 7-8 ay kadar \u00f6nceydi. Arkada\u015f\u0131m eve do\u011fru y\u00fcr\u00fcrken, soka\u011f\u0131n ba\u015f\u0131ndaki kald\u0131r\u0131mda bir cep telefonu buluyor. Eve geldi\u011finde, yolda bir telefon\u2026","rel":"","context":""CYBER SECURITY" i\u00e7inde","block_context":{"text":"CYBER SECURITY","link":"https:\/\/sahinsolmaz.com\/blog\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/09\/yolda-buldugumuz-telefonu-guvenlik-acigi-sayesinde-sahibine-ulastirdik-3.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/09\/yolda-buldugumuz-telefonu-guvenlik-acigi-sayesinde-sahibine-ulastirdik-3.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/09\/yolda-buldugumuz-telefonu-guvenlik-acigi-sayesinde-sahibine-ulastirdik-3.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/09\/yolda-buldugumuz-telefonu-guvenlik-acigi-sayesinde-sahibine-ulastirdik-3.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2022\/09\/yolda-buldugumuz-telefonu-guvenlik-acigi-sayesinde-sahibine-ulastirdik-3.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":752,"url":"https:\/\/sahinsolmaz.com\/blog\/gmail-hacklendi-5-milyon-mail-sifresi-yayinlandi-eylul-2014\/","url_meta":{"origin":539,"position":1},"title":"Gmail Hack’lendi! 5 Milyon Mail \u015eifresi Yay\u0131nland\u0131! – Eyl\u00fcl 2014","author":"SahinSOLMAZ","date":"11 Eyl\u00fcl 2014","format":false,"excerpt":"\u0130nsanl\u0131\u011f\u0131n varolu\u015fundan beridir s\u00fcregelen iyi ve k\u00f6t\u00fc kavram\u0131 hayat\u0131n her alan\u0131nda oldu\u011fu gibi, g\u00fcn\u00fcm\u00fczde geli\u015fen teknoloji de bu konuya\u00a0dahil.. - Rus Hacker 'lar taraf\u0131ndan hacklenen yakla\u015f\u0131k 5 Milyon GMAIL kullan\u0131c\u0131 ad\u0131 ve \u015fifresini i\u00e7eren \u00a0Gmail.txt adl\u0131 dosya 09 Eyl\u00fcl (09.10.2014 ) tarihinde internette yay\u0131nland\u0131. Dosya ilk yay\u0131nland\u0131\u011f\u0131 an bilgilerin tamam\u0131\u2026","rel":"","context":""A\u00e7\u0131k" i\u00e7inde","block_context":{"text":"A\u00e7\u0131k","link":"https:\/\/sahinsolmaz.com\/blog\/category\/guvenlik\/acik\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2014\/09\/gmail-hacklendi-rus-hackerlar-2014-eylul_user-pass2.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2014\/09\/gmail-hacklendi-rus-hackerlar-2014-eylul_user-pass2.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2014\/09\/gmail-hacklendi-rus-hackerlar-2014-eylul_user-pass2.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":290,"url":"https:\/\/sahinsolmaz.com\/blog\/ssh-ile-plesk-10-11-admin-sifresi-ogrenme-plesk-admin-sifremi-unuttum\/","url_meta":{"origin":539,"position":2},"title":"SSH ile Plesk 10 & 11 Admin \u015eifresi \u00f6\u011frenme – Plesk admin \u015fifremi unuttum","author":"SahinSOLMAZ","date":"3 Mart 2013","format":false,"excerpt":"Herkese Merhabalar, Plesk Panel giri\u015f \u015fifrenizi unuttu\u011funuzda SSH \u00fczerinden 1 sat\u0131rl\u0131k kod ile mevcut \u015fifrenizi g\u00f6r\u00fcnt\u00fcleyebilirsiniz. G\u00fcncel versiyonlar i\u00e7in yaz\u0131n\u0131n devam\u0131na bak\u0131n\u0131z. \u00a0 Forgot your password? (\u015eifrenizi mi unuttunuz?) butonuna t\u0131klayarak yeni a\u00e7\u0131lan sayfaya kullan\u0131c\u0131 ad\u0131 ve mail adresinizi girerek \u015fifrenizi talep etti\u011finizde Plesk 11 g\u00fcvenlik nedeni y\u00f6netici \u015fifresini g\u00f6ndermeyi\u2026","rel":"","context":""Plesk Panel" i\u00e7inde","block_context":{"text":"Plesk Panel","link":"https:\/\/sahinsolmaz.com\/blog\/category\/sunucu\/sunucu-panelleri\/plesk-panel\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1913,"url":"https:\/\/sahinsolmaz.com\/blog\/yandex-smtp-mail-gonderim-hatalarina-farkli-bir-bakis\/","url_meta":{"origin":539,"position":3},"title":"SMTP (Yandex, Gmail vd) Mail G\u00f6nderim hatalar\u0131na farkl\u0131 bir bak\u0131\u015f:","author":"SahinSOLMAZ","date":"28 Haziran 2020","format":false,"excerpt":"Yandex, yakla\u015f\u0131k 5-6 y\u0131l \u00f6nce Gmail'in \u00fccretli sundu\u011fu kurum mail hizmetine rakip olarak \u00fccretsiz sundu\u011fu Yandex Kurum'u duyurmu\u015ftu. Ge\u00e7ti\u011fimiz 1-2 y\u0131l i\u00e7erisinde de Yandex Kurum'u, Yandex Connect'e \u00e7evirdi ve ayn\u0131 hizmeti yine \u00fccretsiz olarak sa\u011flamaya devam etti. Hal b\u00f6yle olunca bu servis \u00fczerinden ciddi bir kullan\u0131c\u0131 kazanm\u0131\u015f oldu. \u0130\u015fte bu\u2026","rel":"","context":""Genel" i\u00e7inde","block_context":{"text":"Genel","link":"https:\/\/sahinsolmaz.com\/blog\/category\/genel\/"},"img":{"alt_text":"Yandex SMTP SSL Error sending Verify return code 20 unable to get local issuer certificate","src":"https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2020\/06\/Yandex-SMTP-SSL-Error-sending-Verify-return-code-20-unable-to-get-local-issuer-certificate.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2020\/06\/Yandex-SMTP-SSL-Error-sending-Verify-return-code-20-unable-to-get-local-issuer-certificate.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2020\/06\/Yandex-SMTP-SSL-Error-sending-Verify-return-code-20-unable-to-get-local-issuer-certificate.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sahinsolmaz.com\/blog\/wp-content\/uploads\/2020\/06\/Yandex-SMTP-SSL-Error-sending-Verify-return-code-20-unable-to-get-local-issuer-certificate.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":349,"url":"https:\/\/sahinsolmaz.com\/blog\/fastcgi-centos-5-6-timeout-500-internal-504-gateway-error-solved-cozumu\/","url_meta":{"origin":539,"position":4},"title":"FastCGI CentOS 5-6 Timeout 500 Internal & 504 Gateway Error Solved \u2013 C\u00f6z\u00fcm\u00fc","author":"SahinSOLMAZ","date":"11 Mart 2014","format":false,"excerpt":"Merhaba Arkada\u015flar, Bu sayfay\u0131 okuyorsan\u0131z muhtemelen\u00a0500 internal server error\u00a0ve\/ya\u00a0504 gateway time-out nginx\u00a0problemi can\u0131n\u0131z\u0131 epeyce s\u0131km\u0131\u015f demektir. \u015eimdi bunlara biraz g\u00f6z atal\u0131m: Solved \u2013 NGINX 502 Bad Gateway Error Hatas\u0131 ve \u00c7\u00f6z\u00fcm\u00fc 500 Internal Server Error Hatas\u0131n\u0131n Ba\u015fl\u0131ca Sebepleri Bu hatan\u0131n birden fazla sebebi vard\u0131r s\u0131k kar\u015f\u0131la\u015f\u0131lanlar\u0131 ise: .htaccess:\u00a0sitenizde kurulu olan\u2026","rel":"","context":""Bug" i\u00e7inde","block_context":{"text":"Bug","link":"https:\/\/sahinsolmaz.com\/blog\/category\/bug\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":306,"url":"https:\/\/sahinsolmaz.com\/blog\/ssh-centos-tek-tik-otomatik-plesk-kurulumu-one-click-plesk-installer-command\/","url_meta":{"origin":539,"position":5},"title":"SSH – CentOS Tek T\u0131k Otomatik Plesk Kurulumu – One Click Plesk Installer Command","author":"SahinSOLMAZ","date":"1 A\u011fustos 2013","format":false,"excerpt":"Selamlar Arkada\u015flar, \u0130lk olarak 1 A\u011fustos 2013 'te yay\u0131nlam\u0131\u015f\u0131m bu payla\u015f\u0131m\u0131m\u0131. 02 \u015eubat 2016 da ise g\u00fcncellemi\u015f bulunuyorum. A\u015fa\u011f\u0131da sizlerle payla\u015fm\u0131\u015f oldu\u011fum Plesk otomatik kurulum komutu global bir komut oldu\u011fu i\u00e7in (beklenmeyen bir durum s\u00f6z konusu olmad\u0131\u011f\u0131 s\u00fcrece) ne zaman kullan\u0131rsan\u0131z kullan\u0131n, i\u015finize yarayacakt\u0131r. Zaten otomatik kurulum komutu payla\u015f\u0131ld\u0131\u011f\u0131ndan bu\u2026","rel":"","context":""Plesk Panel" i\u00e7inde","block_context":{"text":"Plesk Panel","link":"https:\/\/sahinsolmaz.com\/blog\/category\/sunucu\/sunucu-panelleri\/plesk-panel\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.sahinsolmaz.com\/blog\/wp-content\/uploads\/2013\/08\/plesk1-300x152.png?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/posts\/539","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/comments?post=539"}],"version-history":[{"count":1,"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/posts\/539\/revisions"}],"predecessor-version":[{"id":2013,"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/posts\/539\/revisions\/2013"}],"wp:attachment":[{"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/media?parent=539"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/categories?post=539"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sahinsolmaz.com\/blog\/wp-json\/wp\/v2\/tags?post=539"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}