Your Neighborhood Bank.

What would you do if you wanted to hack a bank? Maybe install some keyloggers on some bank employees’ machines and capture data? But how could you ever find a list of computers that aren’t running the latest service patches or still have vulnerabilities?

For me, ynb.com’s computers would be easy… because they mail me colorful PDFs detailing the IP addresses of each machine that is not currently patched, and what vulnerabilities it is currently open for exploiting.

Now these aren’t public IPs, but internal (from the ones I have read at least). But with over 200 reports detailing computers, full branch reports, graphs showing top 10 most vulnerable machines, etc… they had done plenty of legwork for me.

So why would a bank ever reveal all of its security dirty laundry?

Because someone didn’t want bounces of the reports from their security software filling up their inbox, so instead… ynb.com sends their internal security reports FROM the very public donotreply.com domain… and then all it took was one bad address and I started receiving their very private reports.

I have refrained from posting any info from the reports because of the severity of this security leak.