{"id":18583,"date":"2022-04-29T14:06:03","date_gmt":"2022-04-29T11:06:03","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=18583"},"modified":"2022-04-29T14:06:03","modified_gmt":"2022-04-29T11:06:03","slug":"ocak-ayinda-12-milyon-microsoft-hesabi-hacklendi","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=18583","title":{"rendered":"1.2 Million Microsoft Accounts Were Hacked in January"},"content":{"rendered":"<p>Taking appropriate measures to secure our online accounts is becoming more important as time goes on. Methods such as password security and <strong>two-factor authentication<\/strong> are considered quite useful against online accounts being taken over by malicious individuals.<\/p>\n<p>Microsoft officials speaking at the RSA Conference said they found that the users of <strong>99.9 percent<\/strong> of compromised accounts were not using multi-factor authentication (MFA). Microsoft, which has <strong>more than 1 billion<\/strong> active users and receives more than 30 million sign-in requests per month, announced that the accounts of <strong>1.2 million<\/strong> users were compromised this past January. 
The share of accounts compromised each month is reported to be around 0.5 percent.<\/p>\n<p><b><strong>Password spraying and password replay are the most commonly used attack techniques<\/strong><\/b><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/49\/8c82aeb511911b055d19c0521a104ff39e3512bd.jpeg\"\/><\/p>\n<p>According to the data Microsoft released, only <strong>11 percent<\/strong> of all users signed in using MFA in January. According to the officials, if MFA had been used at every sign-in, a significant majority of the <strong>1.2 million<\/strong> accounts, if not all of them, could have been saved.<\/p>\n<p>Among the methods attackers use most are <strong>password spraying<\/strong> and <strong>password replay<\/strong> attacks. Password spraying is known to be an attack that seeks unauthorized access to a large number of accounts by guessing commonly used weak passwords. In password replay attacks, the sign-in credentials a user has on other services are obtained and reused. The tendency of users to use the same passwords on different platforms increases the impact of this attack.<\/p>\n<p>With multi-factor authentication, the sign-in process is made multi-layered, which increases security. 
Among these, the one-time password (<strong>OTP<\/strong>) sent via <strong>SMS<\/strong> stands out, but more advanced hardware-based solutions are also on the agenda. In addition, technology companies are aiming for passwordless sign-in technologies such as <strong>WebAuthn<\/strong>.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/49\/1ae101e7e108cd67e722cc903122d58f3bdfad11.jpeg\"\/><\/p>\n<p>Microsoft officials state that attackers mostly target legacy authentication protocols that do not support MFA, such as <strong>POP<\/strong> and <strong>SMTP<\/strong>. In addition, disabling these legacy authentication protocols on a system is quite a tedious job. Microsoft found a <strong>67 percent<\/strong> reduction in account compromises among users who disabled these legacy authentication protocols. For this reason, the company recommends that legacy authentication protocols be consigned to history.<\/p>\n<div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Taking appropriate measures to secure our online accounts is becoming more important as time goes on. 
Password security and two &#8230;<\/p>\n","protected":false},"author":1,"featured_media":18584,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[979,3563,1126,1104,1448],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/18583"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=18583"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/18583\/revisions"}],"predecessor-version":[{"id":18585,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/18583\/revisions\/18585"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/18584"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=18583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=18583"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=18583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}