{"id":37024,"date":"2026-01-22T22:40:12","date_gmt":"2026-01-22T19:40:12","guid":{"rendered":"https:\/\/kibrisayna.com\/index.php\/2026\/01\/22\/sms-dogrulama-sistemi-milyonlarca-kullaniciyi-tehlikeye-atiyor\/"},"modified":"2026-01-22T22:40:12","modified_gmt":"2026-01-22T19:40:12","slug":"sms-dogrulama-sistemi-milyonlarca-kullaniciyi-tehlikeye-atiyor","status":"publish","type":"post","link":"https:\/\/kibrisayna.com\/index.php\/2026\/01\/22\/sms-dogrulama-sistemi-milyonlarca-kullaniciyi-tehlikeye-atiyor\/","title":{"rendered":"&#8220;SMS verification&#8221; system puts millions of users at risk"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p>Used by many services, from insurance quotes and job listings to pet-sitting and private-tutoring platforms, this method opens the door to fraud, identity theft and unauthorized account access.<\/p>\n<p>According to the research, more than 700 endpoints that send <a href=\"https:\/\/www.ntv.com.tr\/haberleri\/sms\" class=\"text-light-blue hover:underline\" target=\"_blank\" rel=\"\">SMS<\/a> messages on behalf of more than 175 services contain practices that weaken user security. One of the biggest problems is that the links sent by SMS are predictable or easy to reproduce. 
When the security tokens are simply altered, attackers can access other people\u2019s accounts, view personal information and, in some cases, act as the user.<\/p>\n<p>The researchers stress that these attacks can be carried out at scale with consumer-grade hardware and basic-to-intermediate web security knowledge. Moreover, many links remain valid for years, which multiplies the risk of unauthorized access.<\/p>\n<p><strong>\u201cEASY AND FRICTIONLESS\u201d<\/strong><\/p>\n<p>\u00a0<\/p>\n<p>Another factor that aggravates the problem is that SMS is not encrypted. In the past, exposed databases were found that stored millions of text messages containing sensitive data such as names, addresses, usernames, passwords and financial applications. Despite this, SMS-based login remains widespread on the grounds that it is \u201ceasy and frictionless\u201d.<\/p>\n<p>\u00a0<\/p>\n<p><strong>HUNDREDS OF THOUSANDS OF LOGINS EXAMINED<\/strong><\/p>\n<p>The researchers examined more than 322,000 unique login links obtained from more than 33 million messages. Of these, the portion coming from 701 endpoints and covering 177 services was found to be able to expose critical personal data such as identity numbers, dates of birth, bank account details and credit scores. 
125 of the services were found to be open to bulk link guessing because of low-security tokens.<\/p>\n<p>According to experts, responsibility lies largely with the service providers. Telling users \u201cdon\u2019t share sensitive information\u201d is not enough, because the list also includes well-known platforms with millions of users.\u00a0<\/p>\n<p>\u00a0<\/p>\n<p><strong>IT MUST BE \u201cCRYPTOGRAPHIC AND STRONG\u201d<\/strong><\/p>\n<p>\u00a0<\/p>\n<p>On the other hand, experts stress that the \u201cmagic link\u201d method is not insecure in itself, but that the link must be short-lived, invalidated on first login and cryptographically strong. Some privacy-focused sites use this method via e-mail, but it is not considered sufficient for banks and services that hold large amounts of <a href=\"https:\/\/www.ntv.com.tr\/haberleri\/veri\" class=\"text-light-blue hover:underline\" target=\"_blank\" rel=\"\">data<\/a>. To improve security, a second strong authentication factor and a limit on the number of attempts are also essential.<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/www.ntv.com.tr\/teknoloji\/sms-dogrulama-sistemi-milyonlarca-kullaniciyi-tehlikeye-atiyor-1708603\"><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Used by many services, from insurance quotes and job listings to pet-sitting and private-tutoring platforms, this method opens the door to fraud, identity theft and unauthorized account access. 
According to the research, more than 700 endpoints that send SMS messages on behalf of more than 175 services contain practices that weaken user security. One of the biggest problems is that the links sent by SMS are predictable or [&hellip;]<\/p>\n","protected":false},"author":908,"featured_media":37025,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[12],"tags":[],"class_list":["post-37024","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/kibrisayna.com\/wp-content\/uploads\/2026\/01\/telefondolandC4B1rC4B1cC4B1lC4B1C49FC4B1-996461.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/posts\/37024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/users\/908"}],"replies":[{"embeddable":true,"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/comments?post=37024"}],"version-history":[{"count":0,"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/posts\/37024\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/media\/37025"}],"wp:attachment":[{"href":"http
s:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/media?parent=37024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/categories?post=37024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kibrisayna.com\/index.php\/wp-json\/wp\/v2\/tags?post=37024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}