{"id":9464,"date":"2022-04-12T15:48:03","date_gmt":"2022-04-12T12:48:03","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=9464"},"modified":"2022-04-12T15:48:03","modified_gmt":"2022-04-12T12:48:03","slug":"chrome-osta-kritik-bir-guvenlik-acigi-oldugu-aciklandi","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=9464","title":{"rendered":"Chrome OS\u2019ta Kritik Bir G\u00fcvenlik A\u00e7\u0131\u011f\u0131 Oldu\u011fu A\u00e7\u0131kland\u0131"},"content":{"rendered":"

Google, Chrome OS\u2019nin \u201cyerle\u015fik g\u00fcvenlik anahtar\u0131\u201d \u00f6zelli\u011finde ge\u00e7ti\u011fimiz aylarda bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 tespit etti. Chrome OS\u2019nin yerle\u015fik g\u00fcvenlik anahtar\u0131, kullan\u0131c\u0131lar\u0131n bir internet sitesine \u00fcye olurken ya da giri\u015f yaparken kullan\u0131labiliyor. Yerle\u015fik g\u00fcvenlik anahtar\u0131\u00a0ile birlikte kullan\u0131c\u0131lar bilgisayar\u0131n power tu\u015funa basarak klasik bir usb ya da bluetooth ayg\u0131t\u0131n\u0131 ba\u011flar \u00fczere sitelere \u00fcye olabiliyor ya da siteye kendi bilgileri ile girebiliyor.\u00a0<\/p>\n

Google, H1 yonga eserini kullanan Chromebook\u2019larda yerle\u015fik g\u00fcvenlik anahtar\u0131\u00a0kullan\u0131m\u0131nda bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 buldu. Google\u2019\u0131n m\u00fchendisleri, H1 \u00e7ipinin birtak\u0131m \u015fifreleme imzalar\u0131n\u0131n uzunlu\u011funu yanl\u0131\u015f bi\u00e7imde kesti\u011fini ve \u015fifrelerin k\u0131r\u0131lmas\u0131n\u0131 kolayla\u015ft\u0131rd\u0131\u011f\u0131n\u0131 ke\u015ffetti. Google, hususla ilgili \u015fu a\u00e7\u0131klamay\u0131 yapt\u0131:\u00a0<\/p>\n

<\/p>\n

\u201cH1 g\u00fcvenlik yongas\u0131n\u0131n yaz\u0131l\u0131m\u0131nda ECDSA imzas\u0131 olu\u015fturma ile ilgili bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 oldu\u011funu ke\u015ffettik. Yaz\u0131l\u0131m kodu, kritik bir kapal\u0131 bedeli kriptografik donan\u0131m blo\u011funa ge\u00e7irirken uyumsuz transfer talimatlar\u0131n\u0131 kulland\u0131, bu da belli bir yap\u0131n\u0131n b\u00e2t\u0131n bedellerinin \u00fcretilmesine ve z\u0131mn\u00ee pahada k\u0131ymetli bir kayba neden oldu(256 bit yerine 64 bit). Bilinmeyen pahan\u0131n yanl\u0131\u015f olu\u015fturulmas\u0131n\u0131n, pahan\u0131n yine yarat\u0131lmas\u0131na sebep oldu\u011funu ve ECC anahtar\u0131n\u0131n bu bi\u00e7imde elde edilmesine\u00a0izin verdi\u011fini do\u011frulad\u0131k. Bu nedenle, tek bir imza \u00e7iftine ve imzalanm\u0131\u015f datalara sahip olan sald\u0131rganlar, \u00f6zel anahtar\u0131 aktif bir bi\u00e7imde hesaplayarak kelam konusu anahtar \u00e7iftini kullanan t\u00fcm fonksiyonlar\u0131 yahut protokolleri k\u0131rabilir.\u201d<\/em><\/p>\n

Google, bu a\u00e7\u0131klama ile birlikte \u201ctek bir \u00e7ift imza ya da imzalanm\u0131\u015f veri\u201d ele ge\u00e7iren sald\u0131rganlar\u0131n, kullan\u0131c\u0131n\u0131n Chrome OS ayg\u0131t\u0131na eri\u015fmeden kullan\u0131c\u0131n\u0131n g\u00fcvenlik anahtar\u0131n\u0131 taklit edebilece\u011fini s\u00f6yl\u00fcyor.<\/p>\n

<\/p>\n

Google birebir a\u00e7\u0131klaman\u0131n devam\u0131nda, \u201cHTTPS irtibatlar\u0131ndan \u00e7oklukla ge\u00e7ilece\u011finden, g\u00fcvenlik a\u00e7\u0131\u011f\u0131 bulunan imzalar\u0131n yayg\u0131n bir bi\u00e7imde a\u00e7\u0131\u011fa \u00e7\u0131kmas\u0131n\u0131 beklemiyoruz. Lakin buna kar\u015f\u0131n \u00e7ift imzalar\u0131n hi\u00e7bir yerde kaydedilmedi\u011fini varsaymak yetersiz olacakt\u0131r.\u201d<\/em> dedi.\u00a0<\/p>\n

H1 yongas\u0131nda bulunan bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ile \u00fc\u00e7\u00fcnc\u00fc taraflar imzalar\u0131 elde etmi\u015f olsa bile klasik iki fakt\u00f6rl\u00fc kimlik do\u011frulaman\u0131n yaln\u0131zca ikinci k\u0131sm\u0131n\u0131 a\u015fabiliyorlar. Birinci fakt\u00f6r\u00fc a\u015fmak i\u00e7in hala kullan\u0131c\u0131n\u0131n \u015fifresinin bilinmesi gerekiyor.<\/p>\n

Google, Chromebook kullan\u0131c\u0131lar\u0131n\u0131n g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan b\u00fcsb\u00fct\u00fcn kurtulmas\u0131 i\u00e7in kimi ad\u0131mlar yay\u0131nlad\u0131. Google\u2019\u0131n yay\u0131nlad\u0131\u011f\u0131 ad\u0131mlar \u015f\u00f6yle:\u00a0<\/p>\n

    \n
  1. H1 yongas\u0131 i\u00e7in bir d\u00fczeltme almak \u00fczere cihaz\u0131\u00a0Chrome OS 75 yahut sonraki s\u00fcr\u00fcm\u00fcne g\u00fcncelleyin.\u00a00.31 ve daha evvelki bir s\u00fcr\u00fcmdeki H1 eser yaz\u0131l\u0131m\u0131 s\u00fcr\u00fcmleri bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 i\u00e7erir.\u00a00.3.15 ve sonraki s\u00fcr\u00fcmler bu a\u00e7\u0131k i\u00e7in savunma\u00a0i\u00e7eriyor.\u00a0<\/li>\n
  2. Chrome OS yerle\u015fik g\u00fcvenlik anahtar\u0131 \u00f6zelli\u011fi ile olu\u015fturulan bir g\u00fcvenlik anahtar\u0131 ile kaydetti\u011finiz internet sitelerinin listesini \u00e7\u0131kar\u0131n.<\/li>\n
  3. T\u00fcm bu sitelerden Chrome OS yerle\u015fik g\u00fcvenlik anahtar\u0131 kayd\u0131n\u0131 kald\u0131r\u0131n. Kay\u0131tl\u0131 g\u00fcvenlik anahtar\u0131n\u0131 \u201chesap ayarlar\u0131\u201d ya da \u201cg\u00fcvenlik ayarlar\u0131\u201d k\u0131sm\u0131ndan kald\u0131rabilirsiniz.\u00a0<\/li>\n
  4. Hesab\u0131n\u0131za ku\u015fkulu bir giri\u015f olup olmad\u0131\u011f\u0131n\u0131 anlamak i\u00e7in hesab\u0131n\u0131za yap\u0131lan son giri\u015fleri inceleyin.\u00a0<\/li>\n
  5. \u00a0E\u011fer \u201cDahil g\u00fcvenlik anahtar\u0131 s\u0131f\u0131rlama gerektiriyor\u201d bildiri al\u0131rsan\u0131z \u201cs\u0131f\u0131rlama\u201d se\u00e7ene\u011fini t\u0131klay\u0131n.\n

    <\/li>\n<\/ol>\n

    G\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan etkilenen Chromebook modelleri<\/b><\/p>\n

    Google, g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan yaln\u0131zca H1 yongas\u0131 bulunan Chromebook\u2019lar\u0131n etkilendi\u011fini a\u00e7\u0131klad\u0131. Chromebook\u2019unuzda H1 \u00e7ipi bulunmas\u0131na kar\u015f\u0131n \u201cyerle\u015fik g\u00fcvenlik anahtar\u0131\u201dn\u0131 kullanmad\u0131ysan\u0131z tehditten etkinlenmezsiniz.\u00a0<\/p>\n

    H1 yongas\u0131 nedeniyle g\u00fcvenlik a\u00e7\u0131\u011f\u0131ndan etkilenen Chromebook modellerinin listesi \u015f\u00f6yle:\u00a0<\/p>\n

      \n
    • Acer Chromebook Spin 13 (CP713-1WN)<\/li>\n
    • Acer Chromebook 13\u00a0 (CB713-1W)<\/li>\n
    • HP Chromebook 11 G6 EE<\/li>\n
    • Acer Chromebook 315<\/li>\n
    • ASUS Chromebook Flip C214<\/li>\n
    • ASUS Chromebook C204<\/li>\n
    • Acer Chromebook 11 (C732)<\/li>\n
    • ASUS chromebook C403<\/li>\n
    • ASUS Chromebook C223<\/li>\n
    • ASUS Chromebook C523<\/li>\n
    • HP Chromebook 11A G6 EE<\/li>\n
    • ASUS Chromebook C213NA\/C213SA<\/li>\n
    • HP Chromebook 14 \/ HP Chromebook 14 G5<\/li>\n
    • CTL chromebook NL7T-360<\/li>\n
    • CTL chromebook NL7<\/li>\n
    • CTL Chromebook NL7 LTE<\/li>\n
    • Acer Chromebook 15 CB315-1H \/ 1HT<\/li>\n
    • Acer Chromebook Spin 511<\/li>\n
    • Acer Chromebook 311<\/li>\n
    • ASUS Chromebook Flip C101PA<\/li>\n
    • Acer Chromebook Spin 15 CP315-1H \/ 1HT<\/li>\n
    • HP Chromebook 14 db0000-db0999<\/li>\n
    • Acer Chromebook Tab 10 (D651N \/ D650N)<\/li>\n
    • CTL Chromebook Tab Tx1<\/li>\n
    • ASUS Chromebook Tablet CT100<\/li>\n
    • Acer Chromebook Spin 11 (R751T \/ CP511)<\/li>\n
    • Acer Chromebook 514<\/li>\n
    • Google Pixelbook<\/li>\n
    • Dell Chromebook 3100<\/li>\n
    • Dell Chromebook 3100 2in1<\/li>\n
    • Chromebook Spin 311 (R721T)<\/li>\n
    • Chromebook 311 (C721)<\/li>\n
    • HP Chromebox G2<\/li>\n
    • Acer Chromebook Spin 11 (CP311-1H & CP311-1HN)<\/li>\n
    • Lenovo 14e Chromebook<\/li>\n
    • HP Chromebook x360 11 G2 EE<\/li>\n
    • HP Chromebook 11 G7 EE<\/li>\n
    • Dell Chromebook 11 2-in-1 5190<\/li>\n
    • Dell Chromebook 11 5190<\/li>\n
    • Samsung Chromebook Plus (LTE)<\/li>\n
    • Samsung Chromebook Plus (V2)<\/li>\n
    • Pixel Slate<\/li>\n
    • Dell Chromebook 3400<\/li>\n
    • Yoga C630 Chromebook<\/li>\n
    • Lenovo 300e\/500e Chromebook 2nd Gen<\/li>\n<\/ul>\n
      <\/div>\n
      \n
      <\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

      Google, Chrome OS\u2019nin \u201cyerle\u015fik g\u00fcvenlik anahtar\u0131\u201d \u00f6zelli\u011finde ge\u00e7ti\u011fimiz aylarda bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 tespit etti. Chrome OS\u2019nin yerle\u015fik g\u00fcvenlik …<\/p>\n","protected":false},"author":1,"featured_media":9465,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[854],"tags":[1004,1892,874,1533,2123],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/9464"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9464"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/9464\/revisions"}],"predecessor-version":[{"id":9466,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/9464\/revisions\/9466"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/9465"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9464"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9464"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9464"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}