Refresh embedded running ledger copy

2026-06-25 01:29:57 +02:00 · 2026-05-21 20:08:14 -07:00
parent 772b8b25d6
commit cc32c2e8d2
3 changed files with 47 additions and 92 deletions
@@ -0,0 +1,3 @@
+
+ledger/running-ledger.txt text eol=lf
+ledger/running-ledger.txt.asc text eol=lf
@@ -1,89 +1,41 @@
-----BEGIN RUNNING LEDGER v2-----
-Identity:        Joseph R. Goydish II
+-----BEGIN RUNNING LEDGER-----
+Identity: Joseph R. Goydish II
 PGP Fingerprint: 4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11
-Schema version:  2
-Last Updated:    2026-05-18 21:00 UTC
-Scope:           Public anchor trail for Track A (regulatory/whistleblower) and Track B (vulnerability research)
+Last Updated (UTC): 2026-05-18
+Format: YYYY-MM-DD | CATEGORY | SUBJECT | STATUS | PUBLIC_REF | LOCAL_PROOF

--- SCHEMA ---
-| Entry ID | Date (UTC) | Track | Type | Agency/Vendor | My Role | Case ID | External Anchor URL | Proof File | SHA-256 | Sig | OTS | Status |
+2025-01-09 | CERTCC | CERT/CC VINCE VU#395558 invitation | Chronology anchor before Apple 2025-01-27 advisory | CERT/CC VINCE reference VU#395558 | DKIM / portal evidence offline
+2025-01-21 | CERTCC | VRF#25-01-MPVDT submission through CERT/CC VINCE | Chronology anchor before Apple 2025-04-16 advisory | CERT/CC reference gen-41698 | submission evidence offline
+2025-03-18 | CERTIFICATE | CNVD-2025-06744, Apple iOS / iPadOS buffer overflow | CNVD/CNCERT certificate record names Joseph Goydish as contributor | CNVD-YCGO-202503023656 | SHA-256 352A56FF1319E1B8138B1F4C6F55B652CF09CCD8C6784610E3A3EF6A9A80723C
+2025-04-22 | CERTIFICATE | CNVD-2025-07885, Apple memory reuse | CNVD/CNCERT certificate record names Joseph Goydish as contributor | CNVD-YCGO-202504012519 | SHA-256 D5BB17D5A27EABD32D272173116C90F89F12CDD912A26969115007383A7F21C8
+2025-11-12 | RESCORE | CVE-2025-24085, CoreMedia use-after-free | Public CISA/NVD rescore trail, CVSS 10.0 | https://nvd.nist.gov/vuln/detail/CVE-2025-24085; cisagov/vulnrichment#194 | public record
+2025-11-12 | RESCORE | CVE-2025-24201, WebKit out-of-bounds write | Public CISA/NVD rescore trail, CVSS 10.0 | https://nvd.nist.gov/vuln/detail/CVE-2025-24201; cisagov/vulnrichment#194 | public record
+2025-11-24 | RESCORE | CVE-2025-31200, CoreAudio memory corruption via audio decode | Public CISA/NVD rescore trail, CVSS 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2025-31200; cisagov/vulnrichment#200 | public record
+2025-11-24 | RESCORE | CVE-2025-31201, Pointer Authentication bypass | Public CISA/NVD rescore trail, CVSS 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2025-31201; cisagov/vulnrichment#200 | public record
+2025-11-26 | RESCORE | CVE-2025-43300, ImageIO out-of-bounds write | Public CISA/NVD rescore trail, CVSS 10.0 | https://nvd.nist.gov/vuln/detail/CVE-2025-43300; cisagov/vulnrichment#201 | public record
+2025-04-22 | DISCLOSURE | NASA TLS certificate-chain misconfiguration disclosure for webhosting-external.jpl.nasa.gov | Submitted / packet hashed | offline reference | SHA-256 C3EDEDB6E86187484BC0F86E0A046AF65DC316983F6EAA23E679DC888E4A25BC
+2025-12-25 | SUBMISSION | Department of Energy / NNSA DOE-417 electric emergency incident and disturbance report | Submitted / packet hashed | offline reference | SHA-256 D203750DDB657BD350B69343F36BF0C9364378004D508E5572347760C38743C2
+2026-03-24 | SUBMISSION | Taiwan NCC, Taiwan Mobile infrastructure relay-mesh submission | Decision reference assigned | NCC decision reference 11500091980 | SHA-256 4530081B986C0C084863FFA3102823DDCC81CDE0D9C1DC0E1B28BE2BA70F2AD7
+2026-04-08 | SUBMISSION | Microsoft MSRC Case 112639, MIME type-confusion / Defender / Exchange Online attachment inspection bypass | Case assigned / packet hashed | MSRC Case 112639 | SHA-256 274B18C9D3851F41DF33EB32691F4E8E0B46C5B68D7AC2A13D2CDCDD6C7C7722
+2026-04-28 | RECEIPT | Slovakia genpro.gov.sk verified electronic submission receipt | Receipt / tracking ID | Tracking ID 260428070422263 | SHA-256 84C410150FA89CF48433C19399449CADF7C75F32AACD377ECD14554991C36489
+2026-04-30 | RECEIPT | Lithuania Panevezys OTNK skyrius information attached to criminal case file | Attachment / case reference | Case 01-1-03450-26 | SHA-256 603409F4B01BFED46D22D7129EC22A1969F1A32921654B3559FEBBD4E62BC17D
+2026-05-04 | SUBMISSION | EC OLAF Mandelson / Carbyne disclosure | Reference assigned / packet hashed | Ref 00Db00K8yP.!500Sk019RuGn | SHA-256 42F922168AFC25FD0AB6813F3782F16C8F1DA82365615B3FE8272964016371F7
+2026-05-04 | SUBMISSION | Singapore CPIB Corruption Reporting Form submission | Tracking ID / packet hashed | Tracking ID 69f824dfe5ef7daf3b78ccee | SHA-256 B0F4D9EED94BDC6D5C351296CC1949CA7D7106E0E8CFFA5B97DB54727608B137
+2026-05-05 | DISCLOSURE | DOJ FARA Public, Karim Wade / Macky Sall / Epstein-funded lobby disclosure | Public submission / packet hashed | DOJ / FARA public reference | SHA-256 83EF754869D953DC808130334E07719EC1210FE28EED8E6479482A0CEBBDD925
+2026-05-05 | SUBMISSION | Massachusetts AGO, MIT Media Lab / institutional governance complaint | Submitted / packet hashed | offline reference | SHA-256 A797257A9FBD19EFEC4BDA2FB023597EAFABEA143A4D9E9EBE8996F1B302CF62
+2026-05-06 | SUBMISSION | IRS Form 211 under IRC 7623(b), Southern Trust / Financial Trust / Epstein Estate | Submitted / packet hashed | offline reference | SHA-256 653F9D1F3497C51C955A82EF1E1B2C36782468A9EB813104FADD8D72D0C6764F
+2026-05-06 | SUBMISSION | SEC TCR submission | Submission number assigned | Submission 17780-976-067-126 | offline evidence
+2026-05-11 | RECEIPT | FCA, Bank of China (UK) Limited advisory and acknowledgement | Acknowledged / case reference | Case Ref 212278528 | SHA-256 5B77C1CE4B348B065D736D2E8B15F6015CBB2E434514511E18F35DC306127C4E
+2026-05-13 | SUBMISSION | Japan ISA, ICRRA Article 70-1 visa-fraud referral | Submitted / packet hashed | offline reference | SHA-256 1D4CA44C8DF651E89119E621ECE12BA48E41FB928BFD82D12474F8DF4916ECBC
+2026-05-18 | DISCLOSURE | Cloudflare abuse report | Public repository | https://github.com/JGoyd/datalytic-shadow-collectors | public repo

-Status values:
-  VERIFIED   — neutral third party confirms; evidence published
-  PARTIAL    — timing/reference chain supports claim; full evidence not yet public
-  PENDING    — confirmation email/PDF exists; not yet published
-  UNVERIFIED — self-asserted only; no external anchor
-  DISPUTED   — contradicted by public record
-
-Role values (Track B):
-  Original-discoverer      — vendor acknowledgement names me
-  Enrichment-contributor   — CISA ADP rescore citing my submission
-  Chain-analyst            — chain reconstruction of existing CVEs
-  Forensic-observer        — observation, not vendor-confirmed
-Role values (Track A):
-  Filer                    — submitted material, agency acknowledged
-
--- ENTRIES ---
-
-# ===== TRACK B =====
-
-B-01 | 2025-11-12 | B | CVE/CVSS | Apple (via CISA ADP) | Enrichment-contributor | CVE-2025-24085 | https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-24085 | evidence/TRACK-B-CVE-2025-24085-24201/ | PENDING | PENDING | PENDING | PARTIAL
-
-B-02 | 2025-11-12 | B | CVE/CVSS | Apple (via CISA ADP) | Enrichment-contributor | CVE-2025-24201 | https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-24201 | evidence/TRACK-B-CVE-2025-24085-24201/ | PENDING | PENDING | PENDING | PARTIAL
-
-B-03 | 2025-11-24 | B | CVE/CVSS | Apple (via CISA ADP) | Enrichment-contributor + Chain-analyst | CVE-2025-31200 | https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-31200 | evidence/TRACK-B-CVE-2025-31200-31201/ | PENDING | PENDING | PENDING | VERIFIED
-
-B-04 | 2025-11-24 | B | CVE/CVSS | Apple (via CISA ADP) | Enrichment-contributor | CVE-2025-31201 | https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-31201 | evidence/TRACK-B-CVE-2025-31200-31201/ | PENDING | PENDING | PENDING | VERIFIED
-
-B-05 | 2025-11-26 | B | CVE/CVSS | Apple (via CISA ADP) | Chain-analyst | CVE-2025-43300 | https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-43300 | evidence/TRACK-B-CVE-2025-24085-24201/ | PENDING | PENDING | PENDING | PARTIAL
-
-B-06 | 2025-03-18 | B | CNVD | CNCERT/CC | Original-discoverer (claimed) | CNVD-2025-06744 / CNVD-YCGO-202503023656 | (CNVD certificate offline) | evidence/TRACK-B-CNVD-2025-06744/ | PENDING | PENDING | PENDING | UNVERIFIED
-
-B-07 | 2025-04-22 | B | CNVD | CNCERT/CC | Original-discoverer (claimed) | CNVD-2025-07885 / CNVD-YCGO-202504012519 | (CNVD certificate offline) | evidence/TRACK-B-CNVD-2025-07885/ | PENDING | PENDING | PENDING | UNVERIFIED
-
-B-08 | 2026-04-08 | B | MSRC | Microsoft Security Response Center | Reporter | MSRC-112639 | (MSRC portal — confidential) | evidence/TRACK-B-MSRC-112639/ | PENDING | PENDING | PENDING | PENDING
-
-B-09 | 2025-04-22 | B | TLS-misconfig | NASA / JPL | Discloser | (intake ref pending) | (NASA/JPL acknowledgement) | evidence/TRACK-B-NASA-JPL-TLS/ | PENDING | PENDING | PENDING | UNVERIFIED
-
-B-10 | 2025-12-25 | B | DOE-417 | DOE/NNSA EOC | Filer | 5941450-1585693 | (DOE EOC reply — agency-controlled) | evidence/TRACK-B-DOE-417/ | PENDING | PENDING | PENDING | PENDING
-
-B-11 | 2026     | B | Abuse-report | Cloudflare | Filer | (Cloudflare ticket ref pending) | (Cloudflare abuse acknowledgement) | evidence/TRACK-B-Cloudflare-abuse/ | PENDING | PENDING | PENDING | UNVERIFIED
-
-B-12 | 2026     | B | FBI-IC3 | FBI Internet Crime Complaint Center | Filer | 067b3177c3524c80bce02cca08064d11 | (IC3 confirmation — not externally queryable) | evidence/TRACK-B-IC3-067b3177c3524c80bce02cca08064d11/ | PENDING | PENDING | PENDING | UNVERIFIED
-
-# ===== TRACK A =====
-
-A-01 | 2026-05-06 | A | SEC-TCR | U.S. Securities and Exchange Commission | Filer | 17780-976-067-126 | (SEC TCR Office acknowledgement — DKIM sec.gov) | evidence/TRACK-A-SEC-TCR-17780-976-067-126/ | PENDING | PENDING | PENDING | PENDING
-
-A-02 | 2026-05-06 | A | IRS-Form-211 | U.S. Internal Revenue Service Whistleblower Office | Filer | (claim # pending paper letter) | (IRS Whistleblower Office acknowledgement) | evidence/TRACK-A-IRS-FORM-211/ | PENDING | PENDING | PENDING | UNVERIFIED
-
-A-03 | 2026-05-05 | A | DOJ-FARA | U.S. DOJ FARA Unit | Filer | (FARA Unit intake ref) | (FARA Unit acknowledgement — DKIM usdoj.gov) | evidence/TRACK-A-DOJ-FARA-Public/ | PENDING | PENDING | PENDING | UNVERIFIED
-
-A-04 | 2026-05-04 | A | OLAF | European Anti-Fraud Office (OLAF) | Filer | 00Db00K8yP.!500Sk019RuGn | https://www.bbc.com/news/articles/cj98zm22327o (publicly confirmed parallel OLAF investigation into Mandelson) | evidence/TRACK-A-OLAF-Ref-00Db00K8yP/ | PENDING | PENDING | PENDING | PARTIAL
-
-A-05 | 2026-05-04 | A | CPIB | Singapore Corrupt Practices Investigation Bureau | Filer | 69f824dfe5ef7daf3b78ccee | (CPIB acknowledgement — DKIM cpib.gov.sg) | evidence/TRACK-A-CPIB-69f824dfe5ef7daf3b78ccee/ | PENDING | PENDING | PENDING | UNVERIFIED
-
-A-06 | 2026-05-11 | A | FCA | UK Financial Conduct Authority | Filer | 212278528 | (FCA acknowledgement — DKIM fca.org.uk) | evidence/TRACK-A-FCA-212278528/ | PENDING | PENDING | PENDING | UNVERIFIED
-
-A-07 | 2026-05-13 | A | Japan-ISA | Japan Immigration Services Agency | Filer | (ISA intake ref) | (ISA acknowledgement) | evidence/TRACK-A-Japan-ISA-ICRRA70-1/ | PENDING | PENDING | PENDING | UNVERIFIED
-
-A-08 | 2026-04-28 | A | Prosecutor-General | Slovak Republic — Generálna prokuratúra | Filer | 260428070422263 | (genpro.gov.sk e-signed receipt — eIDAS PAdES) | evidence/TRACK-A-SK-260428070422263/ | PENDING | PENDING | PENDING | PENDING
-
-A-09 | 2026-04-30 | A | Prosecutor-Regional | Lithuania — Panevėžio OTNK skyrius | Filer | 01-1-03450-26 (case file); IBPS-S-248320-26 (doc reg.) | (IBPS e-signed receipt — eIDAS PAdES) | evidence/TRACK-A-LT-CASE-01-1-03450-26/ | PENDING | PENDING | PENDING | PENDING
-
-A-10 | 2026-03-24 | A | NCC | Taiwan National Communications Commission | Filer | 通傳基礎決字第11500091980號 | (NCC decision letter) | evidence/TRACK-A-TW-NCC-11500091980/ | PENDING | PENDING | PENDING | PENDING
-
-A-11 | 2026-05-05 | A | State-AG | Massachusetts Attorney General's Office | Filer | (AGO intake ref) | (AGO acknowledgement) | evidence/TRACK-A-MA-AGO-MIT-MediaLab/ | PENDING | PENDING | PENDING | UNVERIFIED
-
--- NOTES ---
- Append-only after first signed publication. Edits in pre-publication drafts only.
- Every entry must terminate in a third-party-controlled anchor URL OR carry status UNVERIFIED.
- This ledger MUST be detached-signed (gpg --armor --detach-sign) and OpenTimestamps-anchored on each update.
- Prior signed versions are retained as historical artifacts.
+NOTES
+Agency acknowledgement means receipt or intake. It does not mean adjudication.
+DKIM/e-signed artifacts establish message or receipt provenance, not the truth of every submitted allegation.
+SHA-256 values identify offline packet bytes; they do not make packet contents public.
+Detached signatures must be regenerated whenever this file changes.

 VERIFICATION
-This ledger is cryptographically bound to the fingerprint above. The detached
-PGP signature (running-ledger.txt.asc) and OpenTimestamps proof
-(running-ledger.txt.ots) are published alongside this file.
+gpg --verify running-ledger.txt.asc running-ledger.txt

-----END RUNNING LEDGER v2-----
+-----END RUNNING LEDGER-----
@@ -1,12 +1,12 @@
 -----BEGIN PGP SIGNATURE-----

-iQFPBAABCAA5FiEESgQfUG2JT17jkXQ4ZIeLVqLrLREFAmoL4KkbFIAAAAAABAAO
-bWFudTIsMi41KzEuMTIsMiwxAAoJEGSHi1ai6y0Rzh0IAKe0IecTmKXfH23HM+mS
-2UjzAGaLzTN5nvpSjPtjI4tI1sysMz0+HH6WntQFA6UL6fqUGUcMB48/ugrDbDhJ
-bkPlLAvjLLPDRL3pg+4OFI6Tf5JKsoF47I1b1lN5iMbITPzqBRKVeuhdJ3Fbg7xN
-vqeaNaRqkck5RPQrILo5yLfo1Spvv1r6xYFDj+1SaNLv9AtmLMXgQVnTQafkXwVU
-sH8cdtJC8cQ3JZkDM/9IuQTU9LMw/i3iWpZZSc3RaYEMbMb1KZmHP/qne8vnZ54J
-vPNp1WR3l53ZRM41mP5QrxD43IF/3kPo3IAYx1wkqiaw57hOpZMD2EstNMo7VAYh
-Ugg=
-=4AL1
+iQFPBAABCAA5FiEESgQfUG2JT17jkXQ4ZIeLVqLrLREFAmoPZYsbFIAAAAAABAAO
+bWFudTIsMi41KzEuMTIsMiwxAAoJEGSHi1ai6y0RsKUIAOsRwrzm4MdidVkJ97A9
+9HSeg1pP1BzoLgu9PCa1b3pDz28+qMS3FPIAdHf4Aqb3qQxoShhjxCWINj7ZuicW
+6z2eqGN2WRFvECoBTOX2uRZn0i/qqLGQ4cDyO82GtlGqeZh+WAGZBFTjGKbQ9RMm
+2jT6bBvUxCb6nF9JJjYo1AzbJ1aTvTQy29X9qewP0GKd30oZ7P4oSG1mywIK/iF2
+imqBljikLEoNCfhzbq4UqH4IEd9Jxp4i6QTxBXpmDQRa4qvtgviIYbLNk/tQ4nHt
+/TjdMc1wZyLiqrDThtdNlyY5Tx9q4ce/9XyELcz2yH9NRFbOuCgUQTiH3MzQqyBp
+ZKI=
+=+RYD
 -----END PGP SIGNATURE-----